Vulnerabilities > CVE-2010-0277 - Resource Management Errors vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
adium
pidgin
CWE-399
nessus

Summary

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0115.NASL
    descriptionUpdated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin
    last seen2020-06-01
    modified2020-06-02
    plugin id44666
    published2010-02-19
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44666
    titleRHEL 4 / 5 : pidgin (RHSA-2010:0115)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_FINCH-100219.NASL
    descriptionThis update of pidgin fixes various security vulnerabilities - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol. - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. - CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch. - CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it.
    last seen2020-06-01
    modified2020-06-02
    plugin id44979
    published2010-03-04
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44979
    titleopenSUSE Security Update : finch (finch-2032)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100218_PIDGIN_ON_SL4_X.NASL
    descriptionCVE-2010-0277 pidgin MSN protocol plugin memory corruption CVE-2010-0420 pidgin: Finch XMPP MUC Crash CVE-2010-0423 pidgin: Smiley Denial of Service An input sanitization flaw was found in the way Pidgin
    last seen2020-06-01
    modified2020-06-02
    plugin id60738
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60738
    titleScientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-069-01.NASL
    descriptionNew pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix denial of service issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id45024
    published2010-03-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45024
    titleSlackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2010-069-01)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A2C4D3D54C7B11DF83FB0015587E2CC1.NASL
    descriptionThree denial of service vulnerabilities where found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows : Pidgin can become unresponsive when displaying large numbers of smileys Certain nicknames in group chat rooms can trigger a crash in Finch Failure to validate all fields of an incoming message can trigger a crash
    last seen2020-06-01
    modified2020-06-02
    plugin id45585
    published2010-04-21
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45585
    titleFreeBSD : pidgin -- multiple remote denial of service vulnerabilities (a2c4d3d5-4c7b-11df-83fb-0015587e2cc1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_FINCH-100219.NASL
    descriptionThis update of pidgin fixes various security vulnerabilities - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol. - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. - CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch. - CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it.
    last seen2020-06-01
    modified2020-06-02
    plugin id44982
    published2010-03-04
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44982
    titleopenSUSE Security Update : finch (finch-2032)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-1279.NASL
    description2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47244
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47244
    titleFedora 11 : pidgin-2.6.6-1.fc11 (2010-1279)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-902-1.NASL
    descriptionFabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277) Sadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0420) Antti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service. (CVE-2010-0423). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id44688
    published2010-02-23
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44688
    titleUbuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : pidgin vulnerabilities (USN-902-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FINCH-100219.NASL
    descriptionThis update of pidgin fixes various security vulnerabilities : - Remote file disclosure vulnerability by using the MSN protocol. (CVE-2010-0013: CVSS v2 Base Score: 4.3 : Path Traversal (CWE-22)) - MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. (CVE-2010-0277: CVSS v2 Base Score: 4.9 : Resource Management Errors (CWE-399)) - Same nick names in XMPP MUC lead to a crash in finch. (CVE-2010-0420) - A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0423)
    last seen2020-06-01
    modified2020-06-02
    plugin id44965
    published2010-03-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44965
    titleSuSE 11 Security Update : pidgin (SAT Patch Number 2019)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-1383.NASL
    description2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47252
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47252
    titleFedora 12 : pidgin-2.6.6-1.fc12 (2010-1383)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-041.NASL
    descriptionMultiple security vulnerabilities has been identified and fixed in pidgin : Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277). In a user in a multi-user chat room has a nickname containing
    last seen2020-06-01
    modified2020-06-02
    plugin id44664
    published2010-02-19
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44664
    titleMandriva Linux Security Advisory : pidgin (MDVSA-2010:041)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_143318-03.NASL
    descriptionGNOME 2.6.0_x86: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10
    last seen2020-06-01
    modified2020-06-02
    plugin id108035
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108035
    titleSolaris 10 (x86) : 143318-03
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_143317.NASL
    descriptionGNOME 2.6.0: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10 This plugin has been deprecated and either replaced with individual 143317 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id71656
    published2013-12-28
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=71656
    titleSolaris 10 (sparc) : 143317-03 (deprecated)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0115.NASL
    descriptionUpdated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin
    last seen2020-06-01
    modified2020-06-02
    plugin id44671
    published2010-02-22
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44671
    titleCentOS 4 / 5 : pidgin (CESA-2010:0115)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_143318.NASL
    descriptionGNOME 2.6.0_x86: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10 This plugin has been deprecated and either replaced with individual 143318 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id71703
    published2013-12-28
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=71703
    titleSolaris 10 (x86) : 143318-03 (deprecated)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FINCH-6861.NASL
    descriptionThis update of pidgin fixes various security vulnerabilities : - Remote file disclosure vulnerability by using the MSN protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. CVE-2010-0420: Same nick names in XMPP MUC lead to a crash in finch. CVE-2010-0423: A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22))
    last seen2020-06-01
    modified2020-06-02
    plugin id51728
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51728
    titleSuSE 10 Security Update : pidgin (ZYPP Patch Number 6861)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FINCH-6856.NASL
    descriptionThis update of pidgin fixes various security vulnerabilities : - Remote file disclosure vulnerability by using the MSN protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. CVE-2010-0420: Same nick names in XMPP MUC lead to a crash in finch. CVE-2010-0423: A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22))
    last seen2020-06-01
    modified2020-06-02
    plugin id51727
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51727
    titleSuSE 10 Security Update : pidgin (ZYPP Patch Number 6856)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_FINCH-100219.NASL
    descriptionThis update of pidgin fixes various security vulnerabilities - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol. - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. - CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch. - CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it.
    last seen2020-06-01
    modified2020-06-02
    plugin id44976
    published2010-03-04
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44976
    titleopenSUSE Security Update : finch (finch-2032)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-085.NASL
    descriptionSecurity vulnerabilities has been identified and fixed in pidgin : The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277). In a user in a multi-user chat room has a nickname containing
    last seen2020-06-01
    modified2020-06-02
    plugin id46177
    published2010-04-29
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46177
    titleMandriva Linux Security Advisory : pidgin (MDVSA-2010:085)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_143317-03.NASL
    descriptionGNOME 2.6.0: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10
    last seen2020-06-01
    modified2020-06-02
    plugin id107540
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107540
    titleSolaris 10 (sparc) : 143317-03
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-1934.NASL
    description2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47286
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47286
    titleFedora 13 : pidgin-2.6.6-1.fc13 (2010-1934)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0115.NASL
    descriptionFrom Red Hat Security Advisory 2010:0115 : Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin
    last seen2020-06-01
    modified2020-06-02
    plugin id68001
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68001
    titleOracle Linux 4 : pidgin (ELSA-2010-0115)

Oval

  • accepted2013-09-30T04:01:05.961-04:00
    classvulnerability
    contributors
    nameShane Shaffer
    organizationG2, Inc.
    definition_extensions
    commentPidgin is installed
    ovaloval:org.mitre.oval:def:12366
    descriptionslp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
    familywindows
    idoval:org.mitre.oval:def:18348
    statusaccepted
    submitted2013-08-16T15:36:10.221-04:00
    titleslp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013
    version4
  • accepted2013-04-29T04:19:18.591-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionslp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
    familyunix
    idoval:org.mitre.oval:def:9421
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleslp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
    version27

Redhat

advisories
rhsa
idRHSA-2010:0115
rpms
  • finch-0:2.6.6-1.el4
  • finch-0:2.6.6-1.el5
  • finch-devel-0:2.6.6-1.el4
  • finch-devel-0:2.6.6-1.el5
  • libpurple-0:2.6.6-1.el4
  • libpurple-0:2.6.6-1.el5
  • libpurple-devel-0:2.6.6-1.el4
  • libpurple-devel-0:2.6.6-1.el5
  • libpurple-perl-0:2.6.6-1.el4
  • libpurple-perl-0:2.6.6-1.el5
  • libpurple-tcl-0:2.6.6-1.el4
  • libpurple-tcl-0:2.6.6-1.el5
  • pidgin-0:2.6.6-1.el4
  • pidgin-0:2.6.6-1.el5
  • pidgin-debuginfo-0:2.6.6-1.el4
  • pidgin-debuginfo-0:2.6.6-1.el5
  • pidgin-devel-0:2.6.6-1.el4
  • pidgin-devel-0:2.6.6-1.el5
  • pidgin-perl-0:2.6.6-1.el4
  • pidgin-perl-0:2.6.6-1.el5

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 38294 CVE ID: CVE-2010-0277,CVE-2010-0420,CVE-2010-0423 Pidgin是支持多种协议的即时通讯客户端。 Pidgin的MSN协议实现处理MSNSLP邀请的方式存在输入过滤漏洞,远程攻击者可以发送特制的INVITE请求导致拒绝服务(内存破坏和 Pidgin崩溃)。 Finch的XMPP聊天实现在使用多用户会话时存在拒绝服务漏洞。如果多用户聊天会话中的Finch用户要将昵称更改为包含有HTML br元素,就会导致Finch崩溃。 Pidgin处理表情符图形的方式存在拒绝服务漏洞。远程攻击者可以在相互通讯中向受害用户发送大量的表情符图形,导致过多的CPU使用率。 Pidgin < 2.6.6 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2010:0115-01)以及相应补丁: RHSA-2010:0115-01:Moderate: pidgin security update 链接:https://www.redhat.com/support/errata/RHSA-2010-0115.html Pidgin ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://developer.pidgin.im/wiki/ChangeLog
idSSV:19202
last seen2017-11-19
modified2010-03-02
published2010-03-02
reporterRoot
titlePidgin多个拒绝服务漏洞

Statements

contributorTomas Hoger
lastmodified2010-02-22
organizationRed Hat
statementThis issue was addressed for Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0115.html We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the MSN protocol support in the provided version of Pidgin (1.5.1) is out-dated and no longer supported by MSN servers. There are no plans to backport MSN protocol changes for that version of Pidgin.