Vulnerabilities > CVE-2004-0122 - Information Disclosure vulnerability in Microsoft MSN Messenger 6.0/6.1

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE

Summary

Microsoft MSN Messenger 6.0 and 6.1 do not properly handle certain requests, which allows remote attackers to read arbitrary files.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-002.NASL
    description: A security vulnerability has been identified and fixed in pidgin: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). This update provides pidgin 2.6.5, which is not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 48164
    published: 2010-07-30
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/48164
    title: Mandriva Linux Security Advisory : pidgin (MDVSA-2010:002)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2010:002. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, this block only records the
    # plugin's metadata and then exits (exit(0) at the end), so none of the
    # package checks further down run in this phase.
    if (description)
    {
      script_id(48164);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:53");
    
      # Only CVE-2010-0013 (Pidgin/libpurple) is registered as a reference.
      # CVE-2004-0122 (MSN Messenger) appears solely in the description text as
      # a "related issue", so a hit from this plugin does not indicate it.
      script_cve_id("CVE-2010-0013");
      script_bugtraq_id(37524);
      script_xref(name:"MDVSA", value:"2010:002");
    
      script_name(english:"Mandriva Linux Security Advisory : pidgin (MDVSA-2010:002)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A security vulnerability has been identified and fixed in pidgin :
    
    Directory traversal vulnerability in slp.c in the MSN protocol plugin
    in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers
    to read arbitrary files via a .. (dot dot) in an
    application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a
    related issue to CVE-2004-0122. NOTE: it could be argued that this is
    resultant from a vulnerability in which an emoticon download request
    is processed even without a preceding text/x-mms-emoticon message that
    announced availability of the emoticon (CVE-2010-0013).
    
    This update provides pidgin 2.6.5, which is not vulnerable to this
    issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://pidgin.im/news/security/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network reachable, low access complexity, no
      # authentication, partial confidentiality impact and no integrity or
      # availability impact, which matches the file-read issue described above.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      # Temporal vector: proof-of-concept exploit (E:POC), official fix
      # available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # CWE-22: path traversal.
      script_cwe_id(22);
    
      # "local" plugin: the verdict is derived from the package list collected
      # from the host (see script_require_keys below and the summary "Checks rpm
      # output"), not from interaction with the messaging client itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:finch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64finch0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfinch0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-bonjour");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-gevolution");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-i18n");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-meanwhile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-mono");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-silc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-tcl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # KB entries this script requires before it runs. NOTE(review): presumably
      # they are populated by the ssh_get_info.nasl dependency - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
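    # Preconditions: local checks enabled, host identified as Mandriva/Mandrake,
    # and an RPM list collected. audit() comes from audit.inc (not shown) and is
    # expected to end the script with the given reason.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The OS name previously read "Mandake"; it now matches the spelling used in
    # the architecture audit message below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86 and x86-64 hosts are handled; any other architecture is audited
    # out as "not implemented" instead of being reported as clean.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # flag counts the rpm_check() calls that returned true. rpm_check() lives in
    # rpm.inc (not shown); presumably it is true when the installed package is
    # older than `reference` - confirm against rpm.inc. The lib64* names are
    # checked for x86_64 only and the lib* names for i386 only.
    flag = 0;
    if (rpm_check(release:"MDK2010.0", reference:"finch-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64finch0-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64purple-devel-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64purple0-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libfinch0-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libpurple-devel-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libpurple0-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-bonjour-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-client-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-gevolution-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-i18n-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-meanwhile-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-mono-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-perl-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-plugins-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-silc-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"pidgin-tcl-2.6.5-0.1mdv2010.0", yank:"mdv")) flag++;
    
    
    # Any hit raises a single warning on port 0; with report_verbosity > 0 the
    # text from rpm_report_get() is attached. With no hit the host is audited as
    # not affected. The verdict rests on the collected RPM list only, so a Pidgin
    # build installed outside RPM is not covered by this result.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");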
    
  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS04-010.NASL
    description: The remote host is running MSN Messenger. The remote host appears to be vulnerable to a remote attack wherein an attacker can read any local file that the victim has 'read' access to.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12091
    published: 2004-03-09
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/12091
    title: MS04-010: MSN Messenger Information Disclosure (838512)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, this block only records the
    # plugin's metadata and then exits (exit(0) at the end); the registry check
    # further down does not run in this phase.
    if (description)
    {
     script_id(12091);
     script_version("1.37");
     script_cvs_date("Date: 2018/11/15 20:50:29");
    
     # This is the plugin on the page that registers CVE-2004-0122 itself,
     # cross-referenced to bulletin MS04-010 and KB 838512.
     script_cve_id("CVE-2004-0122");
     script_bugtraq_id(9828);
     script_xref(name:"MSFT", value:"MS04-010");
     script_xref(name:"MSKB", value:"838512");
    
     script_name(english:"MS04-010: MSN Messenger Information Disclosure (838512)");
     script_summary(english:"Checks for MS04-010");
    
     script_set_attribute(attribute:"synopsis", value:"It is possible to read files on the remote host.");
     script_set_attribute(attribute:"description", value:
    "The remote host is running MSN Messenger.
    
    The remote host appears to be vulnerable to a remote attack wherein an
    attacker can read any local file that the victim has 'read' access to.");
     script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2004/ms04-010");
     script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Messenger 6.0 and 6.1.");
     # CVSS v2 base vector: network reachable, high access complexity, no
     # authentication, partial confidentiality impact only.
     # NOTE(review): AC:H here differs from the "Attack complexity LOW" shown in
     # the CVE summary at the top of this page - confirm which score the
     # prioritisation should follow.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
     # Temporal vector: exploitability unproven (E:U), official fix available
     # (RL:OF), report confirmed (RC:C).
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/09");
     script_set_attribute(attribute:"patch_publication_date", value:"2004/03/09");
     script_set_attribute(attribute:"plugin_publication_date", value:"2004/03/09");
    
     # "local" plugin: the check below reads the host's registry over an
     # authenticated SMB session rather than talking to the Messenger client.
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:msn_messenger");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
    
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english:"Windows : Microsoft Bulletins");
    
     # NOTE(review): smb_nt_ms05-009.nasl is presumably the plugin that sets the
     # "SMB/890261" KB item tested at the start of the check - confirm.
     script_dependencies("smb_nt_ms05-009.nasl", "ms_bulletin_checks_possible.nasl");
     script_require_keys("SMB/MS_Bulletin_Checks/Possible");
    
     # Requires SMB (139 or 445) or the patch-management KB entry.
     script_require_ports(139, 445, 'Host/patch_management_checks');
     exit(0);
    }
    
    
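    # Skip the whole check when the "SMB/890261" KB item is set.
    # NOTE(review): presumably set by the smb_nt_ms05-009.nasl dependency when a
    # later Messenger update is already accounted for - confirm.
    if ( get_kb_item("SMB/890261") ) exit(0);
    
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS04-010';
    kbs = make_list("838512");
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE);
    
    # The hotfix_* helpers come from smb_hotfixes.inc (not shown). Presumably a
    # result <= 0 means "OS / service pack not in scope" for hotfix_check_sp()
    # and "update present or not evaluable" for hotfix_missing() - confirm.
    # In each of those cases the script exits without reporting.
    if ( hotfix_check_sp(nt:7, win2k:5,xp:2, win2003:1) <= 0 ) exit(0);
    if ( hotfix_missing(name:"KB823353") <= 0 ) exit(0);
    if ( hotfix_missing(name:"911565") <= 0 ) exit(0);
    
    
    # The verdict needs an authenticated SMB session to IPC$ and remote registry
    # access; when either fails the script audits out, which is a "could not
    # check" outcome and not a "not vulnerable" one.
    login  = kb_smb_login();
    pass   = kb_smb_password();
    domain = kb_smb_domain();
    port   = kb_smb_transport();
    
    if (!smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init");
    
    r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
    if ( r != 1 )
    {
      NetUseDel();
      audit(AUDIT_SHARE_FAIL,"IPC$");
    }
    
    hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
    if ( isnull(hklm) )
    {
      NetUseDel();
      audit(AUDIT_REG_FAIL);
    }
    
    
    kb = '838512';
    
    # Step 1: MSN Messenger counts as installed when its InstallationDirectory
    # value can be read.
    key = "SOFTWARE\Microsoft\MSNMessenger";
    item = "InstallationDirectory";
    key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
    if ( ! isnull(key_h) )
    {
      value = RegQueryValue(handle:key_h, item:item);
      if ( ! isnull(value) )
      {
        # Step 2: read the packed Version value from the Installer product key.
        key = "SOFTWARE\Classes\Installer\Products\C838BEBA7A1AD5C47B1EB83441062011";
        item = "Version";
    
        key_h2 = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
        # Fix: test the handle that was just opened. The original re-tested
        # key_h (always non-null at this point), so a failed open of the
        # product key still reached RegQueryValue/RegCloseKey with a null
        # key_h2.
        if ( ! isnull(key_h2) )
        {
          value = RegQueryValue(handle:key_h2, item:item);
          if ( ! isnull(value) )
          {
            set_kb_item(name:"SMB/Registry/HKLM/SOFTWARE/Classes/Installer/Products/C838BEBA7A1AD5C47B1EB83441062011/Version", value:value[1]);
    
            # Unpack value[1]: top byte -> a, next byte -> b, low 16 bits -> c.
            a = ((value[1]) & 0xFF000000) >> 24;
            b = ((value[1] & 0xFF0000)) >> 16;
            c = value[1] & 0xFFFF;
    
            # Reported when a == 6 and either b == 0, or b == 1 with c < 211
            # (read as version 6.0.x, or 6.1 below build 211).
            if ( ( a == 6 ) &&
                 ( (b == 0) || ( (b == 1) && (c < 211) ) ) )
            {
              set_kb_item(name:"SMB/Missing/MS04-010", value:TRUE);
              hotfix_add_report(bulletin:bulletin, kb:kb);
              hotfix_security_note();
            }
          }
    
          RegCloseKey(handle:key_h2);
        }
      }
    
      RegCloseKey(handle:key_h);
    }
    
    # Release the registry handle and the IPC$ connection on the normal path too.
    RegCloseKey(handle:hklm);
    NetUseDel();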
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-085.NASL
    description: Security vulnerabilities have been identified and fixed in pidgin: The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277). If a user in a multi-user chat room has a nickname containing '<br>' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution (CVE-2010-0420). [...]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46177
    published: 2010-04-29
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/46177
    title: Mandriva Linux Security Advisory : pidgin (MDVSA-2010:085)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2010:085. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, this block only records the
    # plugin's metadata and then exits (exit(0) at the end), so none of the
    # package checks further down run in this phase.
    if (description)
    {
      script_id(46177);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:53");
    
      # Five CVEs are covered by this single plugin, so one hit does not say
      # which of them applies. CVE-2004-0122 (MSN Messenger) is not registered;
      # it appears only in the description text as a "related issue".
      script_cve_id("CVE-2009-3615", "CVE-2010-0013", "CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423");
      script_bugtraq_id(37524, 38294);
      script_xref(name:"MDVSA", value:"2010:085");
    
      script_name(english:"Mandriva Linux Security Advisory : pidgin (MDVSA-2010:085)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      # The advisory text below repeats the CVE-2010-0013 paragraph twice; it is
      # a runtime string and is reproduced unchanged.
      script_set_attribute(
        attribute:"description", 
        value:
    "Security vulnerabilities has been identified and fixed in pidgin :
    
    The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and
    Adium before 1.3.7 allows remote attackers to cause a denial of
    service (application crash) via crafted contact-list data for (1) ICQ
    and possibly (2) AIM, as demonstrated by the SIM IM client
    (CVE-2009-3615).
    
    Directory traversal vulnerability in slp.c in the MSN protocol plugin
    in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers
    to read arbitrary files via a .. (dot dot) in an
    application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a
    related issue to CVE-2004-0122. NOTE: it could be argued that this is
    resultant from a vulnerability in which an emoticon download request
    is processed even without a preceding text/x-mms-emoticon message that
    announced availability of the emoticon (CVE-2010-0013).
    
    Directory traversal vulnerability in slp.c in the MSN protocol plugin
    in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers
    to read arbitrary files via a .. (dot dot) in an
    application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a
    related issue to CVE-2004-0122. NOTE: it could be argued that this is
    resultant from a vulnerability in which an emoticon download request
    is processed even without a preceding text/x-mms-emoticon message that
    announced availability of the emoticon (CVE-2010-0013).
    
    Certain malformed SLP messages can trigger a crash because the MSN
    protocol plugin fails to check that all pieces of the message are set
    correctly (CVE-2010-0277).
    
    In a user in a multi-user chat room has a nickname containing '<br>'
    then libpurple ends up having two users with username ' ' in the room,
    and Finch crashes in this situation. We do not believe there is a
    possibility of remote code execution (CVE-2010-0420).
    
    oCERT notified us about a problem in Pidgin, where a large amount of
    processing time will be used when inserting many smileys into an IM or
    chat window. This should not cause a crash, but Pidgin can become
    unusable slow (CVE-2010-0423).
    
    Packages for 2009.0 are provided due to the Extended Maintenance
    Program.
    
    This update provides pidgin 2.6.6, which is not vulnerable to these
    issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://pidgin.im/news/security/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): the base vector records availability impact only
      # (C:N/I:N/A:P), yet the CVE list includes CVE-2010-0013, which the
      # description characterises as an arbitrary file read, and CWE-22 is
      # registered below. Triage a hit on the CVE list, not on this vector alone.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # Temporal vector: proof-of-concept exploit (E:POC), official fix
      # available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # CWE-20 improper input validation, CWE-22 path traversal, CWE-399
      # resource management errors.
      script_cwe_id(20, 22, 399);
    
      # "local" plugin: the verdict is derived from the package list collected
      # from the host (see script_require_keys below), not from interaction
      # with the messaging client itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:finch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64finch0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfinch0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-bonjour");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-gevolution");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-i18n");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-meanwhile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-mono");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-silc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-tcl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # KB entries this script requires before it runs. NOTE(review): presumably
      # they are populated by the ssh_get_info.nasl dependency - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
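    # Preconditions: local checks enabled, host identified as Mandriva/Mandrake,
    # and an RPM list collected. audit() comes from audit.inc (not shown) and is
    # expected to end the script with the given reason.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The OS name previously read "Mandake"; it now matches the spelling used in
    # the architecture audit message below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86 and x86-64 hosts are handled; any other architecture is audited
    # out as "not implemented" instead of being reported as clean.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # flag counts the rpm_check() calls that returned true. rpm_check() lives in
    # rpm.inc (not shown); presumably it is true when the installed package is
    # older than `reference` - confirm against rpm.inc. The lib64* names are
    # checked for x86_64 only and the lib* names for i386 only.
    flag = 0;
    if (rpm_check(release:"MDK2009.0", reference:"finch-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64finch0-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64purple-devel-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64purple0-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libfinch0-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libpurple-devel-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libpurple0-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-bonjour-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-client-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-gevolution-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-i18n-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-meanwhile-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-mono-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-perl-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-plugins-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-silc-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"pidgin-tcl-2.6.6-0.1mdv2009.0", yank:"mdv")) flag++;
    
    
    # Any hit raises a single warning on port 0; with report_verbosity > 0 the
    # text from rpm_report_get() is attached. With no hit the host is audited as
    # not affected. The verdict rests on the collected RPM list only, so a Pidgin
    # build installed outside RPM is not covered by this result.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");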
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-001.NASL
    description: Security vulnerabilities have been identified and fixed in pidgin: The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.5, which is not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43853
    published: 2010-01-12
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43853
    title: Mandriva Linux Security Advisory : pidgin (MDVSA-2010:001)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2010:001. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, this block only records the
    # plugin's metadata and then exits (exit(0) at the end), so none of the
    # package checks further down run in this phase.
    if (description)
    {
      script_id(43853);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:53");
    
      # Two CVEs are covered by this single plugin. CVE-2004-0122 (MSN
      # Messenger) is not registered; it appears only in the description text
      # as a "related issue".
      script_cve_id("CVE-2009-3615", "CVE-2010-0013");
      script_bugtraq_id(37524);
      script_xref(name:"MDVSA", value:"2010:001");
    
      script_name(english:"Mandriva Linux Security Advisory : pidgin (MDVSA-2010:001)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security vulnerabilities has been identified and fixed in pidgin :
    
    The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and
    Adium before 1.3.7 allows remote attackers to cause a denial of
    service (application crash) via crafted contact-list data for (1) ICQ
    and possibly (2) AIM, as demonstrated by the SIM IM client
    (CVE-2009-3615).
    
    Directory traversal vulnerability in slp.c in the MSN protocol plugin
    in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers
    to read arbitrary files via a .. (dot dot) in an
    application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a
    related issue to CVE-2004-0122. NOTE: it could be argued that this is
    resultant from a vulnerability in which an emoticon download request
    is processed even without a preceding text/x-mms-emoticon message that
    announced availability of the emoticon (CVE-2010-0013).
    
    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.
    
    This update provides pidgin 2.6.5, which is not vulnerable to these
    issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://pidgin.im/news/security/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): the base vector records availability impact only
      # (C:N/I:N/A:P), yet the CVE list includes CVE-2010-0013, which the
      # description characterises as an arbitrary file read, and CWE-22 is
      # registered below. Triage a hit on the CVE list, not on this vector alone.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # Temporal vector: proof-of-concept exploit (E:POC), official fix
      # available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # CWE-22 path traversal, CWE-399 resource management errors.
      script_cwe_id(22, 399);
    
      # "local" plugin: the verdict is derived from the package list collected
      # from the host (see script_require_keys below), not from interaction
      # with the messaging client itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:finch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64finch0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfinch0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-bonjour");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-gevolution");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-i18n");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-meanwhile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-mono");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-silc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-tcl");
      # Two OS releases are registered (2008.0 and 2009.1); the description
      # text above mentions only the 2008.0 packages.
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # KB entries this script requires before it runs. NOTE(review): presumably
      # they are populated by the ssh_get_info.nasl dependency - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
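    # Local package-version check for MDVSA-2010:002 (pidgin / libpurple).
    # The verdict rests only on KB data collected earlier (see the
    # script_require_keys list); nothing below contacts the messaging client
    # or exercises the flaw. A hit means "an RPM did not pass the 2.6.5
    # reference check", not that the host was attacked.

    # Preconditions: bail out with an explicit audit reason when the KB lacks
    # the data this check depends on.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Fixed: the OS name in this audit message was misspelled "Mandake".
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only the x86 family is covered; any other architecture is reported as
    # "not implemented" rather than silently treated as unaffected.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # flag counts the rpm_check() calls that returned true. rpm_check() comes
    # from rpm.inc, which is not shown here; presumably it is true when the
    # installed package is older than the reference build (confirm in rpm.inc).
    # Calls without a cpu: argument apply to every accepted architecture.
    flag = 0;

    # Mandriva Linux 2008.0
    if (rpm_check(release:"MDK2008.0", reference:"finch-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64finch0-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64purple-devel-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64purple0-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libfinch0-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libpurple-devel-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libpurple0-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-bonjour-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-client-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-gevolution-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-i18n-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-meanwhile-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-mono-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-perl-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-plugins-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-silc-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"pidgin-tcl-2.6.5-0.1mdv2008.0", yank:"mdv")) flag++;
    
    # Mandriva Linux 2009.1
    if (rpm_check(release:"MDK2009.1", reference:"finch-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64finch0-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64purple-devel-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64purple0-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libfinch0-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libpurple-devel-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libpurple0-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-bonjour-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-client-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-gevolution-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-i18n-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-meanwhile-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-mono-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-perl-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-plugins-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-silc-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"pidgin-tcl-2.6.5-0.1mdv2009.1", yank:"mdv")) flag++;
    
    
    # Any hit raises a warning-level finding on port 0. With verbosity
    # enabled, the per-package report from rpm_report_get() is attached so
    # the operator can see which RPMs triggered it. No hit is recorded as
    # "host not affected".
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");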
    

Oval

accepted: 2014-06-30T04:11:29.228-04:00
class: vulnerability
contributors:
  • name: Christine Walzer
    organization: The MITRE Corporation
  • name: Andrew Buttner
    organization: The MITRE Corporation
  • name: Josh Turpin
    organization: Symantec Corporation
  • name: Maria Mikhno
    organization: ALTX-SOFT
description: Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
family: windows
id: oval:org.mitre.oval:def:844
status: accepted
submitted: 2004-03-09T12:00:00.000-04:00
title: MSN Messenger Remote File Access Vulnerability
version: 10