NASLDB: USN-1500-1 : pidgin vulnerabilities
General
ID: 59903
Name: USN-1500-1 : pidgin vulnerabilities
Summary: Checks dpkg output for updated package(s)
Credits: –
Classification
Risk: –
CVSS: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Base Vector: –
CVSS Temporal Vector: –
Port: 0
Family: Ubuntu Local Security Checks
Type: Local
Description
Evgeny Boger discovered that Pidgin incorrectly handled buddy list
messages in the AIM and ICQ protocol handlers. A remote attacker
could send a specially crafted message and cause Pidgin to crash,
leading to a denial of service. This issue only affected Ubuntu 10.04
LTS, 11.04 and 11.10. (CVE-2011-4601)
Thijs Alkemade discovered that Pidgin incorrectly handled malformed
voice and video chat requests in the XMPP protocol handler. A remote
attacker could send a specially crafted message and cause Pidgin to
crash, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4602)
Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8
sequences in the SILC protocol handler. A remote attacker could send
a specially crafted message and cause Pidgin to crash, leading to a
denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04
and 11.10. (CVE-2011-4603)
Julia Lawall discovered that Pidgin incorrectly cleared memory
contents used in cryptographic operations. An attacker could exploit
this to read the memory contents, leading to an information
disclosure. This issue only affected Ubuntu 10.04 LTS.
(CVE-2011-4922)
Clemens Huebner and Kevin Stange discovered that Pidgin incorrectly
handled nickname changes inside chat rooms in the XMPP protocol
handler. A remote attacker could exploit this by changing nicknames,
leading to a denial of service. This issue only affected Ubuntu
11.10. (CVE-2011-4939)
Thijs Alkemade discovered that Pidgin incorrectly handled off-line
instant messages in the MSN protocol handler. A remote attacker could
send a specially crafted message and cause Pidgin to crash, leading
to a denial of service. This issue only affected Ubuntu 10.04 LTS,
11.04 and 11.10. (CVE-2012-1178)
José Valentín Gutiérrez discovered that Pidgin incorrectly handled
SOCKS5 proxy connections during file transfer requests in the XMPP
protocol handler. A remote attacker could send a specially crafted
request and cause Pidgin to crash, leading to a denial of service.
This issue only affected Ubuntu 12.04 LTS and 11.10. (CVE-2012-2214)
Fabian Yamaguchi discovered that Pidgin incorrectly handled malformed
messages in the MSN protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a
denial of service. (CVE-2012-2318)
Ulf Härnhammar discovered that Pidgin incorrectly handled messages
with in-line images in the MXit protocol handler. A remote attacker
could send a specially crafted message and possibly execute arbitrary
code with user privileges. (CVE-2012-3374)
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2011-4601
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/07/09
Plugin Release: 2012/07/10
Plugin
Version: 1.1
Filename: ubuntu_USN-1500-1.nasl
Filesize: 6163 bytes
MD5 Hash: 55b60437414e3f1d95b5fd7dd7b38a6a
Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: –