exploit the possibilities
Showing 1 - 4 of 4 RSS Feed

CVE-2011-4601

Status Candidate

Overview

family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.

Related Files

Ubuntu Security Notice USN-1500-1
Posted Jul 9, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1500-1 - Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2011-4601, CVE-2011-4602, CVE-2011-4603, CVE-2011-4922, CVE-2011-4939, CVE-2012-1178, CVE-2012-2214, CVE-2012-2318, CVE-2012-3374, CVE-2011-4601, CVE-2011-4602, CVE-2011-4603, CVE-2011-4922, CVE-2011-4939, CVE-2012-1178, CVE-2012-2214, CVE-2012-2318, CVE-2012-3374
MD5 | 422fcc2933191191cceade8eaab9a688
Red Hat Security Advisory 2011-1821-01
Posted Dec 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1821-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4601, CVE-2011-4602
MD5 | 46e430cedaf047154ffe06385ec711fb
Red Hat Security Advisory 2011-1820-01
Posted Dec 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1820-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters in channel messages. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4601, CVE-2011-4602, CVE-2011-4603
MD5 | b255a257b03285222343a6fa7aac3f6b
Mandriva Linux Security Advisory 2011-183
Posted Dec 11, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-183 - When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing. When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This update provides pidgin 2.10.1, which is not vulnerable to these issues.

tags | advisory, protocol
systems | linux, mandriva
advisories | CVE-2011-4601, CVE-2011-3594
MD5 | 840f87defa7272b084b49e27fa52a89a
Page 1 of 1
Back1Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close