Vulnerabilities > CVE-2010-2528 - Resource Management Errors vulnerability in Pidgin

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

pidgin

CWE-399

nessus

NVD

Published: 2010-07-30

Updated: 2017-09-19

Summary

The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.

Vulnerable Configurations

Part	Description	Count
Application	Pidgin Pidgin Pidgin 2.0.0 Pidgin Pidgin 2.0.1 Pidgin Pidgin 2.0.2 Pidgin Pidgin 2.1.0 Pidgin Pidgin 2.1.1 Pidgin Pidgin 2.2.0 Pidgin Pidgin 2.2.1 Pidgin Pidgin 2.2.2 Pidgin Pidgin 2.3.0 Pidgin Pidgin 2.3.1 Pidgin Pidgin 2.4.0 Pidgin Pidgin 2.4.1 Pidgin Pidgin 2.4.2 Pidgin Pidgin 2.4.3 Pidgin Pidgin 2.5.0 Pidgin Pidgin 2.5.1 Pidgin Pidgin 2.5.2 Pidgin Pidgin 2.5.3 Pidgin Pidgin 2.5.4 Pidgin Pidgin 2.5.5 Pidgin Pidgin 2.5.6 Pidgin Pidgin 2.5.7 Pidgin Pidgin 2.5.8 Pidgin Pidgin 2.5.9 Pidgin Pidgin 2.6.0 Pidgin Pidgin 2.6.1 Pidgin Pidgin 2.6.2 Pidgin Pidgin 2.6.4 Pidgin Pidgin 2.6.5 Pidgin Pidgin 2.6.6 Pidgin Pidgin 2.7.0 Pidgin Pidgin - Pidgin Pidgin 1.5.1 Pidgin Pidgin 2.6.3 Pidgin Pidgin 2.7.1	35

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2010-240-05.NASL
description	New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	48922
published	2010-08-29
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48922
title	Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : pidgin (SSA:2010-240-05)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2010-240-05. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(48922); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:21"); script_cve_id("CVE-2010-2528"); script_bugtraq_id(41881); script_xref(name:"SSA", value:"2010-240-05"); script_name(english:"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : pidgin (SSA:2010-240-05)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462873 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?135101d0" ); script_set_attribute( attribute:"solution", value:"Update the affected pidgin package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:pidgin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"12.0", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++; if (slackware_check(osver:"12.1", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++; if (slackware_check(osver:"12.2", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++; if (slackware_check(osver:"13.0", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++; if (slackware_check(osver:"13.1", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++; if (slackware_check(osver:"current", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"pidgin", pkgver:"2.7.3", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_143318-03.NASL
description	GNOME 2.6.0_x86: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10
last seen	2020-06-01
modified	2020-06-02
plugin id	108035
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108035
title	Solaris 10 (x86) : 143318-03
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(108035); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2009-3615", "CVE-2010-0277", "CVE-2010-1624", "CVE-2010-2528"); script_name(english:"Solaris 10 (x86) : 143318-03"); script_summary(english:"Check for patch 143318-03"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 143318-03" ); script_set_attribute( attribute:"description", value: "GNOME 2.6.0_x86: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/143318-03" ); script_set_attribute(attribute:"solution", value:"Install patch 143318-03"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:143318"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"143318-03", obsoleted_by:"", package:"SUNWgnome-im-client", version:"2.6.0,REV=10.0.3.2004.12.16.18.56") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWgnome-im-client"); }

NASL family	Windows
NASL id	PIDGIN_2_7_2.NASL
description	The version of Pidgin installed on the remote host is earlier than 2.7.2. Such versions have a denial of service vulnerability when processing a malformed X-Status message due to a reference to a NULL pointer in the oscar protocol plugin.
last seen	2020-06-01
modified	2020-06-02
plugin id	47802
published	2010-07-22
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/47802
title	Pidgin X-Status NULL Pointer Denial of Service
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(47802); script_version("1.7"); script_cvs_date("Date: 2018/07/24 18:56:13"); script_cve_id("CVE-2010-2528"); script_bugtraq_id(41881); script_xref(name:"Secunia", value:"40699"); script_name(english:"Pidgin X-Status NULL Pointer Denial of Service"); script_summary(english:"Does a version check"); script_set_attribute( attribute:"synopsis", value: "An instant messaging client installed on the remote Windows host is affected by a denial of service vulnerability." ); script_set_attribute( attribute:"description", value: "The version of Pidgin installed on the remote host is earlier than 2.7.2. Such versions have a denial of service vulnerability when processing a malformed X-Status message due to a reference to a NULL pointer in the oscar protocol plugin." ); script_set_attribute( attribute:"see_also", value:"http://www.pidgin.im/news/security/?id=47" ); script_set_attribute( attribute:"solution", value:"Upgrade to Pidgin 2.7.2 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date",value:"2010/07/21"); script_set_attribute(attribute:"patch_publication_date",value:"2010/07/21"); script_set_attribute(attribute:"plugin_publication_date",value:"2010/07/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:pidgin:pidgin"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("pidgin_installed.nasl"); script_require_keys("SMB/Pidgin/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Pidgin/Version"); # Versions < 2.7.2 are affected res = ver_compare(ver: version, fix: '2.7.2', strict: FALSE); if (res < 0) { port = get_kb_item("SMB/transport"); if(report_verbosity > 0) { report = '\n Installed version : '+version+ '\n Fixed version : 2.7.2\n'; security_warning(port:port, extra:report); } else security_warning(port); } else exit(0, "Version " + version + " is not affected.");

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2010-148.NASL
description	A security vulnerability has been identified and fixed in pidgin : The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element (CVE-2010-2528). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. This update provides pidgin 2.7.3, which is not vulnerable to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	48318
published	2010-08-13
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48318
title	Mandriva Linux Security Advisory : pidgin (MDVSA-2010:148)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2010:148. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(48318); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:53"); script_cve_id("CVE-2010-2528"); script_bugtraq_id(41881); script_xref(name:"MDVSA", value:"2010:148"); script_name(english:"Mandriva Linux Security Advisory : pidgin (MDVSA-2010:148)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A security vulnerability has been identified and fixed in pidgin : The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element (CVE-2010-2528). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. This update provides pidgin 2.7.3, which is not vulnerable to this issue." ); script_set_attribute( attribute:"see_also", value:"http://pidgin.im/news/security/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:finch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64finch0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfinch0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-bonjour"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-gevolution"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-i18n"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-meanwhile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-silc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-tcl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"finch-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64finch0-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64purple-devel-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64purple0-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libfinch0-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libpurple-devel-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libpurple0-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-bonjour-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-client-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-gevolution-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-i18n-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-meanwhile-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-perl-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-plugins-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-silc-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"pidgin-tcl-2.7.3-0.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"finch-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64finch0-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64purple-devel-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64purple0-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libfinch0-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libpurple-devel-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libpurple0-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-bonjour-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-client-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-gevolution-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-i18n-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-meanwhile-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-perl-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-plugins-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-silc-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"pidgin-tcl-2.7.3-0.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"finch-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64finch0-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64purple-devel-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64purple0-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libfinch0-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libpurple-devel-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libpurple0-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-bonjour-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-client-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-i18n-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-meanwhile-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-perl-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-plugins-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-silc-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"pidgin-tcl-2.7.3-0.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"finch-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64finch0-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64purple-devel-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64purple0-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libfinch0-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpurple-devel-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpurple0-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-bonjour-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-client-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-i18n-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-meanwhile-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-perl-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-plugins-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-silc-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"pidgin-tcl-2.7.3-0.1mdv2010.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-11321.NASL
description	New release to address a security issue and a couple of bugfixes Details at http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	47841
published	2010-07-27
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/47841
title	Fedora 13 : pidgin-2.7.2-1.fc13 (2010-11321)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-11321. # include("compat.inc"); if (description) { script_id(47841); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-2528"); script_bugtraq_id(40138, 41881); script_xref(name:"FEDORA", value:"2010-11321"); script_name(english:"Fedora 13 : pidgin-2.7.2-1.fc13 (2010-11321)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "New release to address a security issue and a couple of bugfixes Details at http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://developer.pidgin.im/wiki/ChangeLog script_set_attribute( attribute:"see_also", value:"https://developer.pidgin.im/wiki/ChangeLog" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=617105" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044518.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?30810c82" ); script_set_attribute( attribute:"solution", value:"Update the affected pidgin package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pidgin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"pidgin-2.7.2-1.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pidgin"); }

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_143317-03.NASL
description	GNOME 2.6.0: Instant Messaging patch. Date this patch was last updated by Sun : Nov/30/10
last seen	2020-06-01
modified	2020-06-02
plugin id	107540
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107540
title	Solaris 10 (sparc) : 143317-03

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2010-11315.NASL
description	New release to address a security issue and a couple of bugfixes Details at http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	48206
published	2010-08-02
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/48206
title	Fedora 12 : pidgin-2.7.2-1.fc12 (2010-11315)

Oval

accepted

2013-09-30T04:01:07.534-04:00

class

vulnerability

contributors

name	Shane Shaffer
organization	G2, Inc.

definition_extensions

comment	Pidgin is installed
oval	oval:org.mitre.oval:def:12366

description

family

windows

oval:org.mitre.oval:def:18359

status

accepted

submitted

2013-08-16T15:36:10.221-04:00

title

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

References