Vulnerabilities > CVE-2010-2528 - Resource Management Errors vulnerability in Pidgin
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2010-240-05.NASL description New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48922 published 2010-08-29 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48922 title Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : pidgin (SSA:2010-240-05) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2010-240-05. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(48922); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:21"); script_cve_id("CVE-2010-2528"); script_bugtraq_id(41881); script_xref(name:"SSA", value:"2010-240-05"); script_name(english:"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : pidgin (SSA:2010-240-05)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462873 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?135101d0" ); script_set_attribute( attribute:"solution", value:"Update the affected pidgin package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:pidgin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"12.0", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++; if (slackware_check(osver:"12.1", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++; if (slackware_check(osver:"12.2", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++; if (slackware_check(osver:"13.0", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.1", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"current", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_143318-03.NASL description GNOME 2.6.0_x86: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10 last seen 2020-06-01 modified 2020-06-02 plugin id 108035 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108035 title Solaris 10 (x86) : 143318-03 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(108035); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2009-3615", "CVE-2010-0277", "CVE-2010-1624", "CVE-2010-2528"); script_name(english:"Solaris 10 (x86) : 143318-03"); script_summary(english:"Check for patch 143318-03"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 143318-03" ); script_set_attribute( attribute:"description", value: "GNOME 2.6.0_x86: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/143318-03" ); script_set_attribute(attribute:"solution", value:"Install patch 143318-03"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:143318"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"143318-03", obsoleted_by:"", package:"SUNWgnome-im-client", version:"2.6.0,REV=10.0.3.2004.12.16.18.56") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWgnome-im-client"); }
NASL family Windows NASL id PIDGIN_2_7_2.NASL description The version of Pidgin installed on the remote host is earlier than 2.7.2. Such versions have a denial of service vulnerability when processing a malformed X-Status message due to a reference to a NULL pointer in the oscar protocol plugin. last seen 2020-06-01 modified 2020-06-02 plugin id 47802 published 2010-07-22 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47802 title Pidgin X-Status NULL Pointer Denial of Service code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(47802); script_version("1.7"); script_cvs_date("Date: 2018/07/24 18:56:13"); script_cve_id("CVE-2010-2528"); script_bugtraq_id(41881); script_xref(name:"Secunia", value:"40699"); script_name(english:"Pidgin X-Status NULL Pointer Denial of Service"); script_summary(english:"Does a version check"); script_set_attribute( attribute:"synopsis", value: "An instant messaging client installed on the remote Windows host is affected by a denial of service vulnerability." ); script_set_attribute( attribute:"description", value: "The version of Pidgin installed on the remote host is earlier than 2.7.2. Such versions have a denial of service vulnerability when processing a malformed X-Status message due to a reference to a NULL pointer in the oscar protocol plugin." ); script_set_attribute( attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=47" ); script_set_attribute( attribute:"solution", value:"Upgrade to Pidgin 2.7.2 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date",value:"2010/07/21"); script_set_attribute(attribute:"patch_publication_date",value:"2010/07/21"); script_set_attribute(attribute:"plugin_publication_date",value:"2010/07/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:pidgin:pidgin"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("pidgin_installed.nasl"); script_require_keys("SMB/Pidgin/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Pidgin/Version"); # Versions < 2.7.2 are affected res = ver_compare(ver: version, fix: '2.7.2', strict: FALSE); if (res < 0) { port = get_kb_item("SMB/transport"); if(report_verbosity > 0) { report = '\n Installed version : '+version+ '\n Fixed version : 2.7.2\n'; security_warning(port:port, extra:report); } else security_warning(port); } else exit(0, "Version " + version + " is not affected.");
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-148.NASL description A security vulnerability has been identified and fixed in pidgin : The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element (CVE-2010-2528). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. This update provides pidgin 2.7.3, which is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 48318 published 2010-08-13 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48318 title Mandriva Linux Security Advisory : pidgin (MDVSA-2010:148) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2010:148. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(48318); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:53"); script_cve_id("CVE-2010-2528"); script_bugtraq_id(41881); script_xref(name:"MDVSA", value:"2010:148"); script_name(english:"Mandriva Linux Security Advisory : pidgin (MDVSA-2010:148)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A security vulnerability has been identified and fixed in pidgin : The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element (CVE-2010-2528). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. This update provides pidgin 2.7.3, which is not vulnerable to this issue." ); script_set_attribute( attribute:"see_also", value:"http://pidgin.im/news/security/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:finch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64finch0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfinch0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-bonjour"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-gevolution"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-i18n"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-meanwhile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-silc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-tcl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"finch-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64finch0-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64purple-devel-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64purple0-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libfinch0-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libpurple-devel-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libpurple0-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-bonjour-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-client-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-gevolution-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-i18n-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-meanwhile-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-perl-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-plugins-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-silc-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-tcl-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"finch-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64finch0-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64purple-devel-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64purple0-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libfinch0-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libpurple-devel-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libpurple0-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-bonjour-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-client-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-gevolution-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-i18n-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-meanwhile-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-perl-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-plugins-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-silc-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-tcl-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"finch-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64finch0-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64purple-devel-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64purple0-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libfinch0-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libpurple-devel-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libpurple0-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-bonjour-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-client-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-i18n-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-meanwhile-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-perl-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-plugins-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-silc-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-tcl-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"finch-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64finch0-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64purple-devel-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64purple0-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libfinch0-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpurple-devel-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpurple0-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-bonjour-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-client-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-i18n-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-meanwhile-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-perl-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-plugins-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-silc-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-tcl-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2010-11321.NASL description New release to address a security issue and a couple of bugfixes Details at http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47841 published 2010-07-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47841 title Fedora 13 : pidgin-2.7.2-1.fc13 (2010-11321) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-11321. # include("compat.inc"); if (description) { script_id(47841); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-2528"); script_bugtraq_id(40138, 41881); script_xref(name:"FEDORA", value:"2010-11321"); script_name(english:"Fedora 13 : pidgin-2.7.2-1.fc13 (2010-11321)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "New release to address a security issue and a couple of bugfixes Details at http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://developer.pidgin.im/wiki/ChangeLog script_set_attribute( attribute:"see_also", value:"https://developer.pidgin.im/wiki/ChangeLog" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=617105" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044518.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?30810c82" ); script_set_attribute( attribute:"solution", value:"Update the affected pidgin package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pidgin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"pidgin-2.7.2-1.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pidgin"); }
NASL family Solaris Local Security Checks NASL id SOLARIS10_143317-03.NASL description GNOME 2.6.0: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107540 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107540 title Solaris 10 (sparc) : 143317-03 NASL family Fedora Local Security Checks NASL id FEDORA_2010-11315.NASL description New release to address a security issue and a couple of bugfixes Details at http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48206 published 2010-08-02 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48206 title Fedora 12 : pidgin-2.7.2-1.fc12 (2010-11315)
Oval
accepted | 2013-09-30T04:01:07.534-04:00 | ||||
class | vulnerability | ||||
contributors |
| ||||
definition_extensions |
| ||||
description | The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element. | ||||
family | windows | ||||
id | oval:org.mitre.oval:def:18359 | ||||
status | accepted | ||||
submitted | 2013-08-16T15:36:10.221-04:00 | ||||
title | The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element | ||||
version | 4 |
References
- http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c
- http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0
- http://secunia.com/advisories/40699
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462873
- http://www.osvdb.org/66506
- http://www.pidgin.im/news/security/index.php?id=47
- http://www.securityfocus.com/bid/41881
- http://www.vupen.com/english/advisories/2010/1887
- http://www.vupen.com/english/advisories/2010/2221
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60566
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359