CVE-2009-2694 - Resource Management Errors vulnerability in multiple products

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, low complexity, adium, pidgin, CWE-399, critical, nessus, exploit available

Summary

The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

Common Weakness Enumeration (CWE)

CWE-399 (Resource Management Errors)

Exploit-Db

description: Pidgin MSN <= 2.5.8 Remote Code Execution Exploit. CVE-2009-1376,CVE-2009-2694. Remote exploit for windows platform
file: exploits/windows/remote/9615.jar
id: EDB-ID:9615
last seen: 2016-02-01
modified: 2009-09-09
platform: windows
port:
published: 2009-09-09
reporter: Pierre Nogues
source: https://www.exploit-db.com/download/9615/
title: Pidgin MSN <= 2.5.8 - Remote Code Execution Exploit
type: remote

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-10702.NASL
    description: This update fixes : - Bug #529357 - CVE-2009-3615 Pidgin: Invalid pointer dereference (crash) after receiving contacts from SIM IM client Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42195
    published: 2009-10-22
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42195
    title: Fedora 10 : pidgin-2.6.3-2.fc10 (2009-10702)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1870.NASL
    description: Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN. The first packet is used to create an SLP message object with an offset of zero, the second packet then contains a crafted offset which hits the vulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and allows an attacker to execute arbitrary code. Note: Users with the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44735
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44735
    title: Debian DSA-1870-1 : pidgin - insufficient input validation
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-1060.NASL
    description: Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) A denial of service flaw was found in Pidgin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43751
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43751
    title: CentOS 4 / 5 : pidgin (CESA-2009:1060)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8804.NASL
    description: pidgin upgrade to 2.6.0 for the CVE-2009-2694, insufficient input validation in msn_slplink_process_msg(). 2.6.0 has Voice and Video support via farsight2 (Fedora 11+ only) and numerous other bug fixes. farsight2, libnice and gupnp-igd are version upgrades to make voice and video actually work on Fedora 11. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40682
    published: 2009-08-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40682
    title: Fedora 11 : farsight2-0.0.14-1.fc11 / gupnp-igd-0.1.3-3.fc11 / libnice-0.0.9-1.fc11 / etc (2009-8804)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_59E7AF2D8DB711DE883B001E3300A30D.NASL
    description: Secunia reports : A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40691
    published: 2009-08-24
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40691
    title: FreeBSD : pidgin -- MSN overflow parsing SLP messages (59e7af2d-8db7-11de-883b-001e3300a30d)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8826.NASL
    description: 2.6.1 fixes an issue where pidgin can crash if you are sent a certain type of URL over Yahoo. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40687
    published: 2009-08-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40687
    title: Fedora 10 : pidgin-2.6.1-1.fc10 (2009-8826)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-10662.NASL
    description: This update fixes : - Bug #529357 - CVE-2009-3615 Pidgin: Invalid pointer dereference (crash) after receiving contacts from SIM IM client Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42193
    published: 2009-10-22
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42193
    title: Fedora 11 : pidgin-2.6.3-2.fc11 (2009-10662)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-8523.NASL
    description: 2.7.0 with new features, bug fixes and a security fix for CVE-2010-1624 Full Upstream ChangeLog: * http://developer.pidgin.im/wiki/ChangeLog Fedora packaging changes: * Use System SSL Certificates * Add additional dependencies for Voice + Video Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47495
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47495
    title: Fedora 11 : pidgin-2.7.0-2.fc11 (2010-8523)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200910-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200910-02 (Pidgin: Multiple vulnerabilities) Multiple vulnerabilities were found in Pidgin: Yuriy Kaminskiy reported that the OSCAR protocol implementation in Pidgin misinterprets the ICQWebMessage message type as the ICQSMS message type, triggering an allocation of a large amount of memory (CVE-2009-1889). Federico Muttis of Core Security Technologies reported that the msn_slplink_process_msg() function in libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin doesn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42214
    published: 2009-10-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42214
    title: GLSA-200910-02 : Pidgin: Multiple vulnerabilities
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-886-1.NASL
    description: It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703) It was discovered that Pidgin did not properly enforce the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44057
    published: 2010-01-19
    reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44057
    title: Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : pidgin vulnerabilities (USN-886-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8791.NASL
    description: pidgin upgrade to 2.6.0 for the CVE-2009-2694, insufficient input validation in msn_slplink_process_msg() and numerous other bug fixes. Fedora 10 does not support voice and video with pidgin-2.6.0. Upgrade to Fedora 11 for this capability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40675
    published: 2009-08-24
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40675
    title: Fedora 10 : pidgin-2.6.0-1.fc10 (2009-8791)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-1279.NASL
    description: 2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47244
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47244
    title: Fedora 11 : pidgin-2.6.6-1.fc11 (2010-1279)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-820-1.NASL
    description: Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40752
    published: 2009-08-24
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40752
    title: Ubuntu 8.04 LTS / 8.10 / 9.04 : pidgin vulnerability (USN-820-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1218.NASL
    description: Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40639
    published: 2009-08-20
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40639
    title: RHEL 3 / 4 / 5 : pidgin (RHSA-2009:1218)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2009-231-02.NASL
    description: New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix a security issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40624
    published: 2009-08-20
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40624
    title: Slackware 12.0 / 12.1 / 12.2 / current : pidgin (SSA:2009-231-02)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8874.NASL
    description: 2.6.1 fixes an issue where pidgin can crash if you are sent a certain type of URL over Yahoo. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40689
    published: 2009-08-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40689
    title: Fedora 11 : pidgin-2.6.1-1.fc11 (2009-8874)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20090818_PIDGIN_ON_SL3_X.NASL
    description: CVE-2009-2694 pidgin: insufficient input validation in msn_slplink_process_msg() Federico Muttis of Core Security Technologies discovered a flaw in Pidgin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60644
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60644
    title: Scientific Linux Security Update : pidgin on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-321.NASL
    description: Security vulnerabilities have been identified and fixed in pidgin : The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. (CVE-2008-3532) Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. (CVE-2008-2955) The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. (CVE-2008-2957) Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third-party information (CVE-2009-1373). Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet (CVE-2009-1374). The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol (CVE-2009-1375). Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.
      NOTE: this issue exists because of an incomplete fix for CVE-2008-2927 (CVE-2009-1376). The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory (CVE-2009-1889). The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376 (CVE-2009-2694). Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM (CVE-2009-3025). protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the require TLS/SSL preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions (CVE-2009-3026). libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string (CVE-2009-2703).
      The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client (CVE-2009-3083). The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect UTF16-LE charset name (CVE-2009-3084). The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images (CVE-2009-3085). This update provides pidgin 2.6.2, which is not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43024
    published: 2009-12-07
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43024
    title: Mandriva Linux Security Advisory : pidgin (MDVSA-2009:321)
  • NASL family: Windows
    NASL id: PIDGIN_2_5_9.NASL
    description: The version of Pidgin installed on the remote host is earlier than 2.5.9. Such versions are reportedly affected by a vulnerability in
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40663
    published: 2009-08-20
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40663
    title: Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-1218.NASL
    description: From Red Hat Security Advisory 2009:1218 : Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67912
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67912
    title: Oracle Linux 3 / 4 : pidgin (ELSA-2009-1218)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-1060.NASL
    description: From Red Hat Security Advisory 2009:1060 : Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) A denial of service flaw was found in Pidgin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67863
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67863
    title: Oracle Linux 4 : pidgin (ELSA-2009-1060)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-0429.NASL
    description: - CVE-2010-0013 - A few other bug fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47184
    published: 2010-07-01
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47184
    title: Fedora 11 : pidgin-2.6.5-1.fc11 (2010-0429)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-230.NASL
    description: Security vulnerabilities have been identified and fixed in pidgin : The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376 (CVE-2009-2694). Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM (CVE-2009-3025). protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the require TLS/SSL preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions (CVE-2009-3026). libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string (CVE-2009-2703). The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client (CVE-2009-3083).
      The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect UTF16-LE charset name (CVE-2009-3084). The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images (CVE-2009-3085). This update provides pidgin 2.6.2, which is not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40966
    published: 2009-09-14
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40966
    title: Mandriva Linux Security Advisory : pidgin (MDVSA-2009:230)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_119548-14.NASL
    description: GNOME 2.6.0: Gnome Multi-protocol instant messaging client Patch. Date this patch was last updated by Sun : Dec/14/09
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107319
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107319
    title: Solaris 10 (sparc) : 119548-14
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-1218.NASL
    description: Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40625
    published: 2009-08-20
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40625
    title: CentOS 3 / 5 : pidgin (CESA-2009:1218)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_119549-14.NASL
    description: GNOME 2.6.0_x86: Gnome Multi-protocol instant messaging client Pat. Date this patch was last updated by Sun : Dec/11/09
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107822
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107822
    title: Solaris 10 (x86) : 119549-14
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1060.NASL
    description: Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) A denial of service flaw was found in Pidgin
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38872
    published: 2009-05-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/38872
    title: RHEL 4 / 5 : pidgin (RHSA-2009:1060)

Oval

  • accepted: 2013-04-29T04:04:37.274-04:00
    class: vulnerability
    contributors:
    • name: Aharon Chernin
      organization: SCAP.com, LLC
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions:
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
      oval: oval:org.mitre.oval:def:11782
    • comment: CentOS Linux 3.x
      oval: oval:org.mitre.oval:def:16651
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
      oval: oval:org.mitre.oval:def:11831
    • comment: CentOS Linux 4.x
      oval: oval:org.mitre.oval:def:16636
    • comment: Oracle Linux 4.x
      oval: oval:org.mitre.oval:def:15990
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
      oval: oval:org.mitre.oval:def:11414
    • comment: The operating system installed on the system is CentOS Linux 5.x
      oval: oval:org.mitre.oval:def:15802
    • comment: Oracle Linux 5.x
      oval: oval:org.mitre.oval:def:15459
    description: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
    family: unix
    id: oval:org.mitre.oval:def:10319
    status: accepted
    submitted: 2010-07-09T03:56:16-04:00
    title: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
    version: 27
  • accepted: 2013-09-09T04:03:42.755-04:00
    class: vulnerability
    contributors:
    • name: Chandan S
      organization: SecPod Technologies
    • name: Shane Shaffer
      organization: G2, Inc.
    definition_extensions:
    • comment: Pidgin is installed
      oval: oval:org.mitre.oval:def:12366
    description: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
    family: windows
    id: oval:org.mitre.oval:def:6320
    status: accepted
    submitted: 2009-09-24T03:13:11
    title: Pidgin before 2.5.9 allows denial of service via SLP (aka MSNSLP) messages
    version: 4

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/81096/pidginmsn-exec.txt
idPACKETSTORM:81096
last seen2016-12-05
published2009-09-10
reporterPierre Nogues
sourcehttps://packetstormsecurity.com/files/81096/Pidgin-MSN-2.5.8-Code-Execution.html
titlePidgin MSN 2.5.8 Code Execution

Redhat

advisories
bugzilla
id514957
titleCVE-2009-2694 pidgin: insufficient input validation in msn_slplink_process_msg()
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentfinch is earlier than 0:2.5.9-1.el4
          ovaloval:com.redhat.rhsa:tst:20091218001
        • commentfinch is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20081023018
      • AND
        • commentlibpurple-perl is earlier than 0:2.5.9-1.el4
          ovaloval:com.redhat.rhsa:tst:20091218003
        • commentlibpurple-perl is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20081023016
      • AND
        • commentlibpurple is earlier than 0:2.5.9-1.el4
          ovaloval:com.redhat.rhsa:tst:20091218005
        • commentlibpurple is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20081023012
      • AND
        • commentpidgin is earlier than 0:2.5.9-1.el4
          ovaloval:com.redhat.rhsa:tst:20091218007
        • commentpidgin is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080584002
      • AND
        • commentpidgin-perl is earlier than 0:2.5.9-1.el4
          ovaloval:com.redhat.rhsa:tst:20091218009
        • commentpidgin-perl is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20081023002
      • AND
        • commentpidgin-devel is earlier than 0:2.5.9-1.el4
          ovaloval:com.redhat.rhsa:tst:20091218011
        • commentpidgin-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20081023006
      • AND
        • commentfinch-devel is earlier than 0:2.5.9-1.el4
          ovaloval:com.redhat.rhsa:tst:20091218013
        • commentfinch-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20081023010
      • AND
        • commentlibpurple-devel is earlier than 0:2.5.9-1.el4
          ovaloval:com.redhat.rhsa:tst:20091218015
        • commentlibpurple-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20081023004
      • AND
        • commentlibpurple-tcl is earlier than 0:2.5.9-1.el4
          ovaloval:com.redhat.rhsa:tst:20091218017
        • commentlibpurple-tcl is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20081023014
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibpurple is earlier than 0:2.5.9-1.el5
          ovaloval:com.redhat.rhsa:tst:20091218020
        • commentlibpurple is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080584007
      • AND
        • commentpidgin is earlier than 0:2.5.9-1.el5
          ovaloval:com.redhat.rhsa:tst:20091218022
        • commentpidgin is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080584011
      • AND
        • commentpidgin-perl is earlier than 0:2.5.9-1.el5
          ovaloval:com.redhat.rhsa:tst:20091218024
        • commentpidgin-perl is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080584017
      • AND
        • commentpidgin-devel is earlier than 0:2.5.9-1.el5
          ovaloval:com.redhat.rhsa:tst:20091218026
        • commentpidgin-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080584019
      • AND
        • commentlibpurple-devel is earlier than 0:2.5.9-1.el5
          ovaloval:com.redhat.rhsa:tst:20091218028
        • commentlibpurple-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080584021
      • AND
        • commentfinch-devel is earlier than 0:2.5.9-1.el5
          ovaloval:com.redhat.rhsa:tst:20091218030
        • commentfinch-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080584009
      • AND
        • commentlibpurple-tcl is earlier than 0:2.5.9-1.el5
          ovaloval:com.redhat.rhsa:tst:20091218032
        • commentlibpurple-tcl is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080584013
      • AND
        • commentfinch is earlier than 0:2.5.9-1.el5
          ovaloval:com.redhat.rhsa:tst:20091218034
        • commentfinch is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080584005
      • AND
        • commentlibpurple-perl is earlier than 0:2.5.9-1.el5
          ovaloval:com.redhat.rhsa:tst:20091218036
        • commentlibpurple-perl is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080584015
rhsa
idRHSA-2009:1218
released2009-08-18
severityCritical
titleRHSA-2009:1218: pidgin security update (Critical)
rpms
  • finch-0:2.5.9-1.el4
  • finch-0:2.5.9-1.el5
  • finch-devel-0:2.5.9-1.el4
  • finch-devel-0:2.5.9-1.el5
  • libpurple-0:2.5.9-1.el4
  • libpurple-0:2.5.9-1.el5
  • libpurple-devel-0:2.5.9-1.el4
  • libpurple-devel-0:2.5.9-1.el5
  • libpurple-perl-0:2.5.9-1.el4
  • libpurple-perl-0:2.5.9-1.el5
  • libpurple-tcl-0:2.5.9-1.el4
  • libpurple-tcl-0:2.5.9-1.el5
  • pidgin-0:1.5.1-4.el3
  • pidgin-0:2.5.9-1.el4
  • pidgin-0:2.5.9-1.el5
  • pidgin-debuginfo-0:1.5.1-4.el3
  • pidgin-debuginfo-0:2.5.9-1.el4
  • pidgin-debuginfo-0:2.5.9-1.el5
  • pidgin-devel-0:2.5.9-1.el4
  • pidgin-devel-0:2.5.9-1.el5
  • pidgin-perl-0:2.5.9-1.el4
  • pidgin-perl-0:2.5.9-1.el5

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:12249
    last seen2017-11-19
    modified2009-09-11
    published2009-09-11
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-12249
    titlePidgin MSN <= 2.5.8 Remote Code Execution Exploit
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:66870
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-66870
    titlePidgin MSN <= 2.5.8 - Remote Code Execution Exploit
  • bulletinFamilyexploit
    descriptionCVE(CAN) ID: CVE-2009-2694
    Pidgin is an instant messaging client that supports multiple protocols. The Libpurple library used by Pidgin and some other instant messaging clients contains a memory corruption vulnerability; a remote attacker can trigger it by sending specially crafted MSNSLP packets to the chat client, leading to arbitrary code execution.
    The attack requires sending two consecutive MSNSLP messages: the first stores the session id for the slpmsg, the second triggers the vulnerability; the ultimate goal is to reach the memcpy() call in msn_slplink_process_msg(). An MSNSLP message with a non-zero offset must be created, because this value is the destination of memcpy().
    Because the offset is non-zero, the first problem appears when the call to msn_slplink_message_find() returns NULL:
    /-----------
    if (offset == 0) {
        .. construct a new slpmsg ..
    } else {
        slpmsg = msn_slplink_message_find(slplink, msg->msnslp_header.session_id, msg->msnslp_header.id);
    }
    if (slpmsg == NULL) {
        /* Probably the transfer was canceled */
        purple_debug_error("msn", "Couldn't find slpmsg\n");
        return;
    }
    - -----------/
    Therefore slpmsg must be non-NULL, which is why the message has to be sent twice for the attack to work. The first MSNSLP message sent has offset 0 and is used to create the slpmsg object, which Libpurple stores; the second MSNSLP message has a non-zero offset, but because Libpurple has already stored the first MSNSLP message, the call to msn_slplink_message_find() effectively returns the previous object instead of NULL:
    /-----------
    if (slpmsg->fp) {
        /* fseek(slpmsg->fp, offset, SEEK_SET); */
        len = fwrite(data, 1, len, slpmsg->fp);
    } else if (slpmsg->size) {
        if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size) {
            purple_debug_error("msn", "Oversized slpmsg - msgsize=%lld offset=%" G_GSIZE_FORMAT " len=%" G_GSIZE_FORMAT "\n", slpmsg->size, offset, len);
            g_return_if_reached();
        } else
            memcpy(slpmsg->buffer + offset, data, len);
    }
    - -----------/
    For example, if the first MSNSLP message is created with size 0x01ffffff and the second message's offset is any value smaller than 0x01ffffff - len, the condition for an arbitrary write is satisfied.
    Finally, memcpy() is reached with any offset smaller than 0x01ffffff - len while the buffer points to 0. This means the data contents can be written to any location below 0x01ffffff - len.
    Rob Flynn Gaim >= 0.79
    Pidgin Pidgin 2.5.8
    Vendor patches:
    RedHat
    ------
    RedHat has released a security advisory (RHSA-2009:1218-01) and the corresponding patch:
    RHSA-2009:1218-01: Critical: pidgin security update
    Link: https://www.redhat.com/support/errata/RHSA-2009-1218.html
    Pidgin
    ------
    The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:
    http://www.pidgin.im/news/security/?id=34
    idSSV:12092
    last seen2017-11-19
    modified2009-08-21
    published2009-08-21
    reporterRoot
    titlePidgin Libpurple library msn_slplink_process_msg() function memory corruption vulnerability
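As an added example (not code from this page, libpurple or Pidgin), the chunk-reassembly check from the Seebug excerpt above carried into a self-contained C simulation: SlpMsgSim, slp_store_chunk and the scenario functions are hypothetical stand-ins for libpurple's slpmsg handling, and the extra rejection of a NULL buffer is the hardening the analysis implies (size announced, storage never allocated), not necessarily the upstream 2.5.9 patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for libpurple's slpmsg (constructed for this example). */
typedef struct {
    unsigned char *buffer;  /* NULL until storage is actually allocated */
    size_t size;            /* total size announced by the offset-0 message */
} SlpMsgSim;

/* Store one chunk at `offset`. Returns 1 if copied, 0 if rejected. */
int slp_store_chunk(SlpMsgSim *slpmsg, size_t offset,
                    const unsigned char *data, size_t len)
{
    /* Added check: in the page's scenario size is set but buffer is still 0, so
       the original range test passed and memcpy(0 + offset, ...) hit a chosen address. */
    if (slpmsg == NULL || slpmsg->buffer == NULL)
        return 0;
    /* Same overflow-safe range test as the excerpt, with G_MAXSIZE as SIZE_MAX. */
    if (SIZE_MAX - len < offset || offset + len > slpmsg->size)
        return 0;
    memcpy(slpmsg->buffer + offset, data, len);
    return 1;
}

/* Page scenario: size 0x01ffffff announced, no buffer, non-zero offset. */
int scenario_null_buffer(void)
{
    SlpMsgSim slpmsg = { NULL, 0x01ffffff };
    const unsigned char data[] = "constructed chunk";
    return slp_store_chunk(&slpmsg, 0x1000, data, sizeof data - 1); /* returns 0 */
}

/* Allocated buffer: chunks ending at or before `size` are copied; an over-long
   chunk and a wrapping offset+len are rejected. Returns 1 if all of that holds. */
int scenario_allocated_buffer(void)
{
    unsigned char storage[32] = {0};
    SlpMsgSim slpmsg = { storage, sizeof storage };
    const unsigned char data[] = "chunk";
    int ok_first = slp_store_chunk(&slpmsg, 0, data, 5);
    int ok_last  = slp_store_chunk(&slpmsg, 27, data, 5);           /* ends at 32 */
    int rej_long = slp_store_chunk(&slpmsg, 28, data, 5);           /* 33 > 32 */
    int rej_wrap = slp_store_chunk(&slpmsg, SIZE_MAX - 2, data, 5); /* would wrap */
    return ok_first && ok_last && !rej_long && !rej_wrap
           && memcmp(storage + 27, "chunk", 5) == 0;                /* returns 1 */
}
```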