Vulnerabilities > CVE-2013-0274 - Unspecified vulnerability in Pidgin
Attack vector
ADJACENT_NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL pidgin
nessus
Summary
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_FINCH-8475.NASL description pidgin was updated to fix 4 security issues : - Fixed a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274, bnc#804742) - Fixed a crash in Sametime protocol when a malicious server sends us an abnormally long user ID. (CVE-2013-0273, bnc#804742) - Fixed a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272, bnc#804742) - Fixed a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271, bnc#804742) last seen 2020-06-05 modified 2013-03-05 plugin id 65026 published 2013-03-05 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65026 title SuSE 10 Security Update : pidgin (ZYPP Patch Number 8475) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(65026); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-0271", "CVE-2013-0272", "CVE-2013-0273", "CVE-2013-0274"); script_name(english:"SuSE 10 Security Update : pidgin (ZYPP Patch Number 8475)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "pidgin was updated to fix 4 security issues : - Fixed a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274, bnc#804742) - Fixed a crash in Sametime protocol when a malicious server sends us an abnormally long user ID. (CVE-2013-0273, bnc#804742) - Fixed a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272, bnc#804742) - Fixed a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271, bnc#804742)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0271.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0272.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0273.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0274.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8475."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"finch-2.6.6-0.20.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"libpurple-2.6.6-0.20.1")) flag++; if (rpm_check(release:"SLED10", sp:4, reference:"pidgin-2.6.6-0.20.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0646.NASL description Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 65555 published 2013-03-15 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65555 title CentOS 5 / 6 : pidgin (CESA-2013:0646) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0646 and # CentOS Errata and Security Advisory 2013:0646 respectively. # include("compat.inc"); if (description) { script_id(65555); script_version("1.11"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2013-0272", "CVE-2013-0273", "CVE-2013-0274"); script_bugtraq_id(57951, 57954); script_xref(name:"RHSA", value:"2013:0646"); script_name(english:"CentOS 5 / 6 : pidgin (CESA-2013:0646)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2013-March/019647.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bd80b17d" ); # https://lists.centos.org/pipermail/centos-announce/2013-March/019648.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7bafa02c" ); script_set_attribute( attribute:"solution", value:"Update the affected pidgin packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0272"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:finch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:finch-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libpurple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libpurple-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libpurple-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libpurple-tcl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:pidgin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:pidgin-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:pidgin-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:pidgin-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"finch-2.6.6-17.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"finch-devel-2.6.6-17.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"libpurple-2.6.6-17.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"libpurple-devel-2.6.6-17.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"libpurple-perl-2.6.6-17.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"libpurple-tcl-2.6.6-17.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"pidgin-2.6.6-17.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"pidgin-devel-2.6.6-17.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"pidgin-perl-2.6.6-17.el5_9.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"finch-2.7.9-10.el6_4.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"finch-devel-2.7.9-10.el6_4.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"libpurple-2.7.9-10.el6_4.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"libpurple-devel-2.7.9-10.el6_4.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"libpurple-perl-2.7.9-10.el6_4.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"libpurple-tcl-2.7.9-10.el6_4.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"pidgin-2.7.9-10.el6_4.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"pidgin-devel-2.7.9-10.el6_4.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"pidgin-docs-2.7.9-10.el6_4.1")) flag++; if (rpm_check(release:"CentOS-6", reference:"pidgin-perl-2.7.9-10.el6_4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc"); }NASL family Solaris Local Security Checks NASL id SOLARIS11_PIDGIN_20140731.NASL description The remote Solaris system is missing necessary patches to address security updates : - The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. (CVE-2012-6152) - The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. (CVE-2013-0271) - Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. (CVE-2013-0272) - sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-0273) - upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. (CVE-2013-0274) - Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. (CVE-2013-6477) - gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. (CVE-2013-6478) - util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. (CVE-2013-6479) - libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. (CVE-2013-6481) - Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. (CVE-2013-6482) - The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. (CVE-2013-6483) - The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. (CVE-2013-6484) - Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. (CVE-2013-6485) - gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. (CVE-2013-6486) - Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. (CVE-2013-6487) - Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. (CVE-2013-6489) - The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. (CVE-2013-6490) - The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. (CVE-2014-0020) last seen 2020-06-01 modified 2020-06-02 plugin id 80740 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80740 title Oracle Solaris Third-Party Patch Update : pidgin (multiple_vulnerabilities_in_pidgin2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80740); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id("CVE-2012-6152", "CVE-2013-0271", "CVE-2013-0272", "CVE-2013-0273", "CVE-2013-0274", "CVE-2013-6477", "CVE-2013-6478", "CVE-2013-6479", "CVE-2013-6481", "CVE-2013-6482", "CVE-2013-6483", "CVE-2013-6484", "CVE-2013-6485", "CVE-2013-6486", "CVE-2013-6487", "CVE-2013-6489", "CVE-2013-6490", "CVE-2014-0020"); script_name(english:"Oracle Solaris Third-Party Patch Update : pidgin (multiple_vulnerabilities_in_pidgin2)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. (CVE-2012-6152) - The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. (CVE-2013-0271) - Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. (CVE-2013-0272) - sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-0273) - upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. (CVE-2013-0274) - Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. (CVE-2013-6477) - gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. (CVE-2013-6478) - util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. (CVE-2013-6479) - libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. (CVE-2013-6481) - Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. (CVE-2013-6482) - The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. (CVE-2013-6483) - The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. (CVE-2013-6484) - Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. (CVE-2013-6485) - gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. (CVE-2013-6486) - Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. (CVE-2013-6487) - Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. (CVE-2013-6489) - The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. (CVE-2013-6490) - The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. (CVE-2014-0020)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-pidgin script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?07a786a5" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.2."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:pidgin"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^pidgin$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "pidgin"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.2.0.0.0.0", sru:"11.2 SRU 0") > 0) flag++; if (flag) { error_extra = 'Affected package : pidgin\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "pidgin");NASL family Scientific Linux Local Security Checks NASL id SL_20130314_PIDGIN_ON_SL5_X.NASL description A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Pidgin must be restarted for this update to take effect. last seen 2020-03-18 modified 2013-03-15 plugin id 65565 published 2013-03-15 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65565 title Scientific Linux Security Update : pidgin on SL5.x, SL6.x i386/x86_64 (20130314) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-231.NASL description Pidgin was updated to 2.10.7 to fix various security issues and the bug that IRC did not work at all in 12.3. Changes : - Add pidgin-irc-sasl.patch: link irc module to SASL. Allows the IRC module to be loaded (bnc#806975). - Update to version 2.10.7 (bnc#804742) : + Alien hatchery : - No changes + General : - The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments. (pidgin.im#15316) + libpurple : - Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274) - Don last seen 2020-06-05 modified 2014-06-13 plugin id 74934 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74934 title openSUSE Security Update : pidgin (openSUSE-SU-2013:0511-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_549787C1891611E2854968B599B52A02.NASL description Pidgin reports : libpurple Fix a crash when receiving UPnP responses with abnormally long values. MXit Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. Sametime Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. last seen 2020-06-01 modified 2020-06-02 plugin id 65184 published 2013-03-11 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65184 title FreeBSD : libpurple -- multiple vulnerabilities (549787c1-8916-11e2-8549-68b599b52a02) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0646.NASL description From Red Hat Security Advisory 2013:0646 : Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68791 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68791 title Oracle Linux 6 : pidgin (ELSA-2013-0646) NASL family Windows NASL id PIDGIN_2_10_7.NASL description The version of Pidgin installed on the remote host is earlier than 2.10.7. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the last seen 2020-06-01 modified 2020-06-02 plugin id 64670 published 2013-02-18 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64670 title Pidgin < 2.10.7 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201405-22.NASL description The remote host is affected by the vulnerability described in GLSA-201405-22 (Pidgin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the Pidgin process, cause a Denial of Service condition, overwrite files, or spoof traffic. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 74064 published 2014-05-19 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74064 title GLSA-201405-22 : Pidgin: Multiple vulnerabilities NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-044-01.NASL description New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64622 published 2013-02-14 reporter This script is Copyright (C) 2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64622 title Slackware 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : pidgin (SSA:2013-044-01) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0646.NASL description Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 65561 published 2013-03-15 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65561 title RHEL 5 / 6 : pidgin (RHSA-2013:0646) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1746-1.NASL description Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-0271) It was discovered that Pidgin incorrectly handled long HTTP headers in the MXit protocol handler. A malicious remote server could use this issue to execute arbitrary code. (CVE-2013-0272) It was discovered that Pidgin incorrectly handled long user IDs in the Sametime protocol handler. A malicious remote server could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-0273) It was discovered that Pidgin incorrectly handled long strings when processing UPnP responses. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-0274). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64890 published 2013-02-26 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64890 title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : pidgin vulnerabilities (USN-1746-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-177.NASL description pidgin was updated to fix security issues : - Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274) - Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273) - Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.(CVE-2013-0272) - Fix a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271) last seen 2020-06-05 modified 2014-06-13 plugin id 74915 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74915 title openSUSE Security Update : pidgin (openSUSE-SU-2013:0405-1) NASL family SuSE Local Security Checks NASL id SUSE_11_FINCH-130227.NASL description pidgin was updated to fix 4 security issues : - Fixed a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274, bnc#804742) - Fixed a crash in Sametime protocol when a malicious server sends us an abnormally long user ID. (CVE-2013-0273, bnc#804742) - Fixed a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272, bnc#804742) - Fixed a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271, bnc#804742) last seen 2020-06-05 modified 2013-03-05 plugin id 65024 published 2013-03-05 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65024 title SuSE 11.2 Security Update : pidgin (SAT Patch Number 7429)
Oval
| accepted | 2013-09-30T04:00:55.947-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| definition_extensions |
| ||||
| description | upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. | ||||
| family | windows | ||||
| id | oval:org.mitre.oval:def:18221 | ||||
| status | accepted | ||||
| submitted | 2013-08-16T15:36:10.221-04:00 | ||||
| title | upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network | ||||
| version | 4 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html
- http://www.pidgin.im/news/security/?id=68
- http://www.ubuntu.com/usn/USN-1746-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221