exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2013-0274

Status Candidate

Overview

upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.

Related Files

Gentoo Linux Security Advisory 201405-22
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-22 - Multiple vulnerabilities in Pidgin may allow execution of arbitrary code. Versions less than 2.10.9 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6152, CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020
SHA-256 | d6ade25d1829f578c0c4b87491c29680a25c44d0e8a781b9891d64b725a269ed
Red Hat Security Advisory 2013-0646-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0646-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.

tags | advisory, remote, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
SHA-256 | b3c19a4366ad523734159f85e06904742d756e830065660510bfdc31ede59ef8
Mandriva Linux Security Advisory 2013-025
Posted Mar 14, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-025 - The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted mxit/imagestrips pathname. Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service via a crafted packet. upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service by leveraging access to the local network. This update provides pidgin 2.10.7, which is not vulnerable to these issues.

tags | advisory, remote, web, denial of service, overflow, arbitrary, local, protocol
systems | linux, mandriva
advisories | CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
SHA-256 | 1947a7196d370ec292c6d6196bc378f7ab94ffd059b4a95d0ad67f48a214a6e6
Ubuntu Security Notice USN-1746-1
Posted Feb 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1746-1 - Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. It was discovered that Pidgin incorrectly handled long HTTP headers in the MXit protocol handler. A malicious remote server could use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274, CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
SHA-256 | cab8da5f6e98651feb98f652311a38e0a1209f3942cdce9adda737ce25ba333d
Slackware Security Advisory - Pidgin Updates
Posted Feb 14, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
SHA-256 | 4b6f131bd8e719fd8ff262590dbb3da0c22a6604e04ce625b7d0bb362f40453a
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close