Vulnerabilities > CVE-2007-4996 - Remote Denial Of Service vulnerability in Pidgin 2.2.0

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
pidgin
nessus
NVD
Published: 2007-10-01
Updated: 2018-10-15

Summary

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."

Vulnerable Configurations

Part Description Count
Application
Pidgin
1

Nessus

NASL familyFedora Local Security Checks
NASL idFEDORA_2007-2368.NASL
descriptionMinor DOS fix and a great many other bug fixes in upstream
last seen2020-06-01
modified2020-06-02
plugin id27770
published2007-11-06
reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/27770
titleFedora 7 : pidgin-2.2.1-1.fc7 (2007-2368)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2007-2368.
#

include("compat.inc");

if (description)
{
  script_id(27770);
  script_version ("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:25");

  script_cve_id("CVE-2007-4996");
  script_xref(name:"FEDORA", value:"2007-2368");

  script_name(english:"Fedora 7 : pidgin-2.2.1-1.fc7 (2007-2368)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Minor DOS fix and a great many other bug fixes in upstream's 2.2.1
release.

http://developer.pidgin.im/wiki/ChangeLog Upstream changelog.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://developer.pidgin.im/wiki/ChangeLog
  script_set_attribute(
    attribute:"see_also",
    value:"https://developer.pidgin.im/wiki/ChangeLog"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-October/004006.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?76a415a0"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:finch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:finch-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpurple");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpurple-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpurple-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libpurple-tcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pidgin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pidgin-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pidgin-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pidgin-perl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC7", reference:"finch-2.2.1-1.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"finch-devel-2.2.1-1.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"libpurple-2.2.1-1.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"libpurple-devel-2.2.1-1.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"libpurple-perl-2.2.1-1.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"libpurple-tcl-2.2.1-1.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"pidgin-2.2.1-1.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"pidgin-debuginfo-2.2.1-1.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"pidgin-devel-2.2.1-1.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"pidgin-perl-2.2.1-1.fc7")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc");
}

Oval

accepted2013-09-30T04:00:58.605-04:00
classvulnerability
contributors
nameShane Shaffer
organizationG2, Inc.
definition_extensions
commentPidgin is installed
ovaloval:org.mitre.oval:def:12366
descriptionlibpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
familywindows
idoval:org.mitre.oval:def:18261
statusaccepted
submitted2013-08-16T15:36:10.221-04:00
titlelibpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
version4

Statements

contributorMark J Cox
lastmodified2007-10-04
organizationRed Hat
statementNot vulnerable. These issues did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References