scip AG

NASLDB: Mandriva Linux Security Advisory : pidgin (MDVSA-2010:001)

General

ID: 43853
Name: Mandriva Linux Security Advisory : pidgin (MDVSA-2010:001)

Summary: Checks rpm output for the updated packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: –

Port: 0
Family: Mandriva Local Security Checks
Type: Local

Description

Security vulnerabilities has been identified and fixed in pidgin :

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and
Adium before 1.3.7 allows remote attackers to cause a denial of
service (application crash) via crafted contact-list data for (1) ICQ
and possibly (2) AIM, as demonstrated by the SIM IM client
(CVE-2009-3615).

Directory traversal vulnerability in slp.c in the MSN protocol plugin
in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers
to read arbitrary files via a .. (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a
related issue to CVE-2004-0122. NOTE: it could be argued that this is
resultant from a vulnerability in which an emoticon download request
is processed even without a preceding text/x-mms-emoticon message that
announced availability of the emoticon (CVE-2010-0013).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

This update provides pidgin 2.6.5, which is not vulnerable to these
issues.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2009-3615
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2010/01/11
Plugin Release: 2010/01/12

Plugin

Version: 1.8
Filename: mandriva_MDVSA-2010-001.nasl
Filesize: 7470 bytes
MD5 Hash: 04cedf4487b703579046baeb929a6cbf

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright© 2010-2012 Tenable Network Security, Inc.

Latest Plugins

• Latest Plugins
  • USN-1611-1 : thunderbird vulnerabilities
  • USN-1610-1 : linux vulnerability
  • USN-1609-1 : linux-ti-omap4 vulnerability
  • SuSE 10 Security Update : PostgreSQL
  • RHSA-2012-1364: bind97
  • RHSA-2012-1363: bind
  • RHSA-2012-1362: thunderbird
  • RHSA-2012-1361: xulrunner
  • Mandriva Linux Security Advisory : graphicsmagick
  • FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack

• Archive
• scip VulDB
• Syndication
  • RSS
  • Twitter