CVE-2011-3184 - Resource Management Errors vulnerability in Pidgin
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2011-11595.NASL
- description: New release 2.10.0 Full Upstream ChangeLog : http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 56101
- published: 2011-09-07
- reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/56101
- title: Fedora 14 : pidgin-2.10.0-1.fc14 (2011-11595)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-11595.
#

include("compat.inc");

if (description)
{
  script_id(56101);
  script_version("1.9");
  script_cvs_date("Date: 2019/08/02 13:32:33");

  script_cve_id("CVE-2011-3184");
  script_xref(name:"FEDORA", value:"2011-11595");

  script_name(english:"Fedora 14 : pidgin-2.10.0-1.fc14 (2011-11595)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"New release 2.10.0 Full Upstream ChangeLog : http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # http://developer.pidgin.im/wiki/ChangeLog
  script_set_attribute(
    attribute:"see_also",
    value:"https://developer.pidgin.im/wiki/ChangeLog"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=732405"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7c91cb05"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected pidgin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pidgin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC14", reference:"pidgin-2.10.0-1.fc14")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pidgin");
}
```

- NASL family: Windows
- NASL id: PIDGIN_2_10_0.NASL
- description: The version of Pidgin installed on the remote host is earlier than 2.10.0. As such, it is potentially affected by the following issues :
  - A code execution vulnerability caused by clicking on a file:// URI received in an IM that Pidgin will attempt to execute. This can result in the execution of attacker-controlled code if the file is located on a network share. (CVE-2011-3185)
  - A denial of service in the IRC protocol plugin caused by processing a specially crafted nickname when listing the set of users. (CVE-2011-2943)
  - A denial of service in the MSN protocol plugin caused by incorrect handling of HTTP 100 responses. This only affects users who have enabled the HTTP connection method, which is disabled by default. (CVE-2011-3184)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 55928
- published: 2011-08-22
- reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/55928
- title: Pidgin < 2.10.0 Multiple Vulnerabilities
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(55928);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id("CVE-2011-2943", "CVE-2011-3184", "CVE-2011-3185");
  script_bugtraq_id(49268);

  script_name(english:"Pidgin < 2.10.0 Multiple Vulnerabilities");
  script_summary(english:"Does a version check");

  script_set_attribute(
    attribute:"synopsis",
    value:
"An instant messaging client installed on the remote Windows host has multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of Pidgin installed on the remote host is earlier than 2.10.0. As such, it is potentially affected by the following issues : - A code execution vulnerability caused by clicking on a file:// URI received in an IM that Pidgin will attempt to execute. This can result in the execution of attacker-controlled code if the file is located on a network share. (CVE-2011-3185) - A denial of service in the IRC protocol plugin caused by processing a specially crafted nickname when listing the set of users. (CVE-2011-2943) - A denial of service in the MSN protocol plugin caused by incorrect handling of HTTP 100 responses. This only affects users who have enabled the HTTP connection method, which is disabled by default. (CVE-2011-3184)"
  );
  script_set_attribute(attribute:"see_also",value:"https://www.insomniasec.com/home");
  script_set_attribute(attribute:"see_also",value:"https://www.securityfocus.com/archive/1/519391/30/0/threaded");
  script_set_attribute(attribute:"see_also",value:"http://pidgin.im/news/security/?id=53");
  script_set_attribute(attribute:"see_also",value:"http://pidgin.im/news/security/?id=54");
  script_set_attribute(attribute:"see_also",value:"http://pidgin.im/news/security/?id=55");
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Pidgin 2.10.0 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pidgin:pidgin");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("pidgin_installed.nasl");
  script_require_keys("SMB/Pidgin/Version");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("SMB/Pidgin/Version");
fixed_version = '2.10.0';

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  path = get_kb_item_or_exit("SMB/Pidgin/Path");
  port = get_kb_item("SMB/transport");

  if (report_verbosity > 0)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fixed_version + '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else exit(0, "Pidgin " + version + " is installed and hence not affected.");
```

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-1273-1.NASL
- description: Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG messages in the Yahoo! protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2011-1091) Marius Wachtler discovered that Pidgin incorrectly handled HTTP 100 responses in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2011-3184) Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2011-3594). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 56915
- published: 2011-11-22
- reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/56915
- title: Ubuntu 10.04 LTS / 10.10 / 11.04 : pidgin vulnerabilities (USN-1273-1)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1273-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(56915);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/19 12:54:27");

  script_cve_id("CVE-2011-1091", "CVE-2011-3184", "CVE-2011-3594");
  script_bugtraq_id(46837, 49268, 49912);
  script_xref(name:"USN", value:"1273-1");

  script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 : pidgin vulnerabilities (USN-1273-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG messages in the Yahoo! protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2011-1091) Marius Wachtler discovered that Pidgin incorrectly handled HTTP 100 responses in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2011-3184) Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2011-3594). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1273-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected pidgin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pidgin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|10\.10|11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"pidgin", pkgver:"1:2.6.6-1ubuntu4.4")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"pidgin", pkgver:"1:2.7.3-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"pidgin", pkgver:"1:2.7.11-1ubuntu2.1")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pidgin");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2011-11544.NASL
- description: New release 2.10.0 Full Upstream ChangeLog : http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 56015
- published: 2011-08-31
- reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/56015
- title: Fedora 15 : pidgin-2.10.0-1.fc15 (2011-11544)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-11544.
#

include("compat.inc");

if (description)
{
  script_id(56015);
  script_version("1.8");
  script_cvs_date("Date: 2019/08/02 13:32:33");

  script_cve_id("CVE-2011-3184");
  script_xref(name:"FEDORA", value:"2011-11544");

  script_name(english:"Fedora 15 : pidgin-2.10.0-1.fc15 (2011-11544)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"New release 2.10.0 Full Upstream ChangeLog : http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # http://developer.pidgin.im/wiki/ChangeLog
  script_set_attribute(
    attribute:"see_also",
    value:"https://developer.pidgin.im/wiki/ChangeLog"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=732405"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d2c256d1"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected pidgin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pidgin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC15", reference:"pidgin-2.10.0-1.fc15")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pidgin");
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2011-132.NASL
- description: Multiple vulnerabilities has been identified and fixed in pidgin : It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure. Using this structure, possibly containing a huge width and height, could lead to the application being terminated due to excessive memory use (CVE-2011-2485). Certain characters in the nicknames of IRC users can trigger a NULL pointer dereference in the IRC protocol plugin
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 56109
- published: 2011-09-07
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/56109
- title: Mandriva Linux Security Advisory : pidgin (MDVSA-2011:132-1)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2011:132.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(56109);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:54");

  script_cve_id(
    "CVE-2011-2485",
    "CVE-2011-2943",
    "CVE-2011-3184"
  );
  script_bugtraq_id(
    48425,
    49268
  );
  script_xref(name:"MDVSA", value:"2011:132");
  script_xref(name:"MDVSA", value:"2011:132-1");

  script_name(english:"Mandriva Linux Security Advisory : pidgin (MDVSA-2011:132-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple vulnerabilities has been identified and fixed in pidgin : It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure. Using this structure, possibly containing a huge width and height, could lead to the application being terminated due to excessive memory use (CVE-2011-2485). Certain characters in the nicknames of IRC users can trigger a NULL pointer dereference in the IRC protocol plugin's handling of responses to WHO requests. This can cause a crash on some operating systems. Clients based on libpurple 2.8.0 through 2.9.0 are affected (CVE-2011-2943). Incorrect handling of HTTP 100 responses in the MSN protocol plugin can cause the application to attempt to access memory that it does not have access to. This only affects users who have turned on the HTTP connection method for their accounts (it's off by default). This might only be triggerable by a malicious server and not a malicious peer. We believe remote code execution is not possible (CVE-2011-3184). This update provides pidgin 2.10.0, which is not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://pidgin.im/news/security/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:finch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64finch0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfinch0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-bonjour");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-gevolution");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-meanwhile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-silc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-tcl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK2009.0", reference:"finch-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64finch0-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64purple-devel-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64purple0-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libfinch0-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libpurple-devel-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libpurple0-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-bonjour-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-client-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-gevolution-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-i18n-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-meanwhile-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-perl-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-plugins-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-silc-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"pidgin-tcl-2.10.0-0.1mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.1", reference:"finch-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64finch0-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64purple-devel-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64purple0-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libfinch0-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpurple-devel-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpurple0-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-bonjour-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-client-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-gevolution-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-i18n-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-meanwhile-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-perl-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-plugins-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-silc-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-tcl-2.10.0-0.1mdv2010.2", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2011", reference:"finch-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64finch0-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64purple-devel-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64purple0-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libfinch0-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libpurple-devel-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libpurple0-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-bonjour-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-client-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-gevolution-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-i18n-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-meanwhile-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-perl-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-plugins-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-silc-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-tcl-2.10.0-0.1-mdv2011.0", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

Oval
| Field | Value |
| --- | --- |
| accepted | 2013-09-30T04:01:01.376-04:00 |
| class | vulnerability |
| contributors | |
| definition_extensions | |
| description | The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message. |
| family | windows |
| id | oval:org.mitre.oval:def:18284 |
| status | accepted |
| submitted | 2013-08-16T15:36:10.221-04:00 |
| title | The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message |
| version | 4 |

References
- http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c
- http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html
- http://pidgin.im/news/security/?id=54
- http://secunia.com/advisories/45663
- http://secunia.com/advisories/45916
- http://securitytracker.com/id?1025961
- http://www.openwall.com/lists/oss-security/2011/08/22/10
- http://www.openwall.com/lists/oss-security/2011/08/22/12
- http://www.openwall.com/lists/oss-security/2011/08/22/4
- http://www.openwall.com/lists/oss-security/2011/08/22/7
- http://www.securityfocus.com/bid/49268
- https://bugzilla.redhat.com/show_bug.cgi?id=732405
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69341
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284