Pardus: Pidgin: Multiple Vulnerabilities
Posted by Benjamin D. Thomas
------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-84 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-05-27
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
======
Some vulnerabilities and weaknesses have been reported in Pidgin, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or to potentially compromise a user's system.
Description
==========
1) A truncation error in the processing of MSN SLP messages can be
exploited to cause a buffer overflow.
2) A boundary error in the XMPP SOCKS5 "bytestream" server when
initiating an outgoing file transfer can be exploited to cause a buffer
overflow.
Successful exploitation of vulnerabilities #1 and #2 may allow execution
of arbitrary code.
3) A boundary error exists in the implementation of the
"PurpleCircBuffer" structure. This can be exploited to corrupt memory
and cause a crash via specially crafted XMPP or Sametime packets.
4) A boundary error in the "decrypt_out()" function can be exploited to
cause an 8-byte stack-based buffer overflow and crash the
application via a specially crafted QQ packet.
Affected packages:
Pardus 2008:
pidgin, all before 2.5.6-30-11
Resolution
=========
There are update(s) for pidgin. You can update them via Package Manager
or with a single command from console:
pisi up pidgin
References
=========
* http://bugs.pardus.org.tr/show_bug.cgi?id—95
* http://www.pidgin.im/news/security/?id)
* http://www.pidgin.im/news/security/?id0
* http://www.pidgin.im/news/security/?id1
* http://www.pidgin.im/news/security/?id2
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1373
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1374
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1375
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1376
* http://secunia.com/advisories/35194