Vulnerabilities > CVE-2013-6477 - Numeric Errors vulnerability in Pidgin
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_FINCH-140508.NASL description The pidgin Instant Messenger has been updated to fix various security issues : - Remotely triggerable crash in IRC argument parsing. (CVE-2014-0020) - Buffer overflow in SIMPLE header parsing. (CVE-2013-6490) - Buffer overflow in MXit emoticon parsing. (CVE-2013-6489) - Buffer overflow in Gadu-Gadu HTTP parsing. (CVE-2013-6487) - Pidgin uses clickable links to untrusted executables. (CVE-2013-6486) - Buffer overflow parsing chunked HTTP responses. (CVE-2013-6485) - Crash reading response from STUN server. (CVE-2013-6484) - XMPP doesn last seen 2020-06-05 modified 2014-05-24 plugin id 74173 published 2014-05-24 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74173 title SuSE 11.3 Security Update : finch (SAT Patch Number 9213) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(74173); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6152", "CVE-2013-6477", "CVE-2013-6478", "CVE-2013-6479", "CVE-2013-6481", "CVE-2013-6482", "CVE-2013-6483", "CVE-2013-6484", "CVE-2013-6485", "CVE-2013-6486", "CVE-2013-6487", "CVE-2013-6489", "CVE-2013-6490", "CVE-2014-0020"); script_name(english:"SuSE 11.3 Security Update : finch (SAT Patch Number 9213)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The pidgin Instant Messenger has been updated to fix various security issues : - Remotely triggerable crash in IRC argument parsing. (CVE-2014-0020) - Buffer overflow in SIMPLE header parsing. (CVE-2013-6490) - Buffer overflow in MXit emoticon parsing. (CVE-2013-6489) - Buffer overflow in Gadu-Gadu HTTP parsing. (CVE-2013-6487) - Pidgin uses clickable links to untrusted executables. (CVE-2013-6486) - Buffer overflow parsing chunked HTTP responses. (CVE-2013-6485) - Crash reading response from STUN server. (CVE-2013-6484) - XMPP doesn't verify 'from' on some iq replies. (CVE-2013-6483) - NULL pointer dereference parsing SOAP data in MSN. (CVE-2013-6482) - NULL pointer dereference parsing OIM data in MSN. (CVE-2013-6482) - NULL pointer dereference parsing headers in MSN. (CVE-2013-6482) - Remote crash reading Yahoo! P2P message. (CVE-2013-6481) - Remote crash parsing HTTP responses. (CVE-2013-6479) - Crash when hovering pointer over a long URL. (CVE-2013-6478) - Crash handling bad XMPP timestamp. (CVE-2013-6477) - Yahoo! remote crash from incorrect character encoding. (CVE-2012-6152)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=861019" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6152.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6477.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6478.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6479.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6481.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6482.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6483.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6484.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6485.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6486.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6487.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6489.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6490.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0020.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9213."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:finch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpurple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpurple-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpurple-meanwhile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpurple-tcl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:pidgin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"finch-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libpurple-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libpurple-lang-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libpurple-meanwhile-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libpurple-tcl-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"pidgin-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"finch-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpurple-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpurple-lang-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpurple-meanwhile-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpurple-tcl-2.6.6-0.23.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"pidgin-2.6.6-0.23.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS11_PIDGIN_20140731.NASL description The remote Solaris system is missing necessary patches to address security updates : - The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. (CVE-2012-6152) - The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. (CVE-2013-0271) - Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. (CVE-2013-0272) - sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-0273) - upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. (CVE-2013-0274) - Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. (CVE-2013-6477) - gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. (CVE-2013-6478) - util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. (CVE-2013-6479) - libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. (CVE-2013-6481) - Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. (CVE-2013-6482) - The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. (CVE-2013-6483) - The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. (CVE-2013-6484) - Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. (CVE-2013-6485) - gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. (CVE-2013-6486) - Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. (CVE-2013-6487) - Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. (CVE-2013-6489) - The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. (CVE-2013-6490) - The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. (CVE-2014-0020) last seen 2020-06-01 modified 2020-06-02 plugin id 80740 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80740 title Oracle Solaris Third-Party Patch Update : pidgin (multiple_vulnerabilities_in_pidgin2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80740); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id("CVE-2012-6152", "CVE-2013-0271", "CVE-2013-0272", "CVE-2013-0273", "CVE-2013-0274", "CVE-2013-6477", "CVE-2013-6478", "CVE-2013-6479", "CVE-2013-6481", "CVE-2013-6482", "CVE-2013-6483", "CVE-2013-6484", "CVE-2013-6485", "CVE-2013-6486", "CVE-2013-6487", "CVE-2013-6489", "CVE-2013-6490", "CVE-2014-0020"); script_name(english:"Oracle Solaris Third-Party Patch Update : pidgin (multiple_vulnerabilities_in_pidgin2)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. (CVE-2012-6152) - The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. (CVE-2013-0271) - Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. (CVE-2013-0272) - sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-0273) - upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. (CVE-2013-0274) - Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. (CVE-2013-6477) - gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. (CVE-2013-6478) - util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. (CVE-2013-6479) - libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. (CVE-2013-6481) - Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. (CVE-2013-6482) - The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. (CVE-2013-6483) - The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. (CVE-2013-6484) - Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. (CVE-2013-6485) - gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. (CVE-2013-6486) - Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. (CVE-2013-6487) - Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. (CVE-2013-6489) - The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. (CVE-2013-6490) - The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. (CVE-2014-0020)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-pidgin script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?07a786a5" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.2."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:pidgin"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^pidgin$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "pidgin"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.2.0.0.0.0", sru:"11.2 SRU 0") > 0) flag++; if (flag) { error_extra = 'Affected package : pidgin\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "pidgin");
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0139.NASL description Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6485) Multiple heap-based buffer overflow flaws were found in several protocol plug-ins in Pidgin (Gadu-Gadu, MXit, SIMPLE). A malicious server could send a specially crafted message, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6487, CVE-2013-6489, CVE-2013-6490) Multiple denial of service flaws were found in several protocol plug-ins in Pidgin (Yahoo!, XMPP, MSN, stun, IRC). A remote attacker could use these flaws to crash Pidgin by sending a specially crafted message. (CVE-2012-6152, CVE-2013-6477, CVE-2013-6481, CVE-2013-6482, CVE-2013-6484, CVE-2014-0020) It was found that the Pidgin XMPP protocol plug-in did not verify the origin of last seen 2020-06-01 modified 2020-06-02 plugin id 72352 published 2014-02-06 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72352 title CentOS 5 / 6 : pidgin (CESA-2014:0139) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0139 and # CentOS Errata and Security Advisory 2014:0139 respectively. # include("compat.inc"); if (description) { script_id(72352); script_version("1.11"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2012-6152", "CVE-2013-6477", "CVE-2013-6478", "CVE-2013-6479", "CVE-2013-6481", "CVE-2013-6482", "CVE-2013-6483", "CVE-2013-6484", "CVE-2013-6485", "CVE-2013-6487", "CVE-2013-6489", "CVE-2013-6490", "CVE-2014-0020"); script_bugtraq_id(65188, 65192, 65195, 65243, 65492); script_xref(name:"RHSA", value:"2014:0139"); script_name(english:"CentOS 5 / 6 : pidgin (CESA-2014:0139)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6485) Multiple heap-based buffer overflow flaws were found in several protocol plug-ins in Pidgin (Gadu-Gadu, MXit, SIMPLE). A malicious server could send a specially crafted message, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6487, CVE-2013-6489, CVE-2013-6490) Multiple denial of service flaws were found in several protocol plug-ins in Pidgin (Yahoo!, XMPP, MSN, stun, IRC). A remote attacker could use these flaws to crash Pidgin by sending a specially crafted message. (CVE-2012-6152, CVE-2013-6477, CVE-2013-6481, CVE-2013-6482, CVE-2013-6484, CVE-2014-0020) It was found that the Pidgin XMPP protocol plug-in did not verify the origin of 'iq' replies. A remote attacker could use this flaw to spoof an 'iq' reply, which could lead to injection of fake data or cause Pidgin to crash via a NULL pointer dereference. (CVE-2013-6483) A flaw was found in the way Pidgin parsed certain HTTP response headers. A remote attacker could use this flaw to crash Pidgin via a specially crafted HTTP response header. (CVE-2013-6479) It was found that Pidgin crashed when a mouse pointer was hovered over a long URL. A remote attacker could use this flaw to crash Pidgin by sending a message containing a long URL string. (CVE-2013-6478) Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Thijs Alkemade, Robert Vehse, Jaime Breva Ribes, Jacob Appelbaum of the Tor Project, Daniel Atallah, Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen, Matt Jones of Volvent, and Yves Younan, Ryan Pentney, and Pawel Janic of Sourcefire VRT as the original reporters of these issues. All pidgin users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Pidgin must be restarted for this update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2014-February/020141.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1ef12403" ); # https://lists.centos.org/pipermail/centos-announce/2014-February/020142.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6a6dc642" ); script_set_attribute( attribute:"solution", value:"Update the affected pidgin packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6490"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:finch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:finch-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libpurple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libpurple-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libpurple-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libpurple-tcl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:pidgin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:pidgin-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:pidgin-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:pidgin-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2014/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"finch-2.6.6-32.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"finch-devel-2.6.6-32.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"libpurple-2.6.6-32.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"libpurple-devel-2.6.6-32.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"libpurple-perl-2.6.6-32.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"libpurple-tcl-2.6.6-32.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"pidgin-2.6.6-32.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"pidgin-devel-2.6.6-32.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"pidgin-perl-2.6.6-32.el5")) flag++; if (rpm_check(release:"CentOS-6", reference:"finch-2.7.9-27.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"finch-devel-2.7.9-27.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"libpurple-2.7.9-27.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"libpurple-devel-2.7.9-27.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"libpurple-perl-2.7.9-27.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"libpurple-tcl-2.7.9-27.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"pidgin-2.7.9-27.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"pidgin-devel-2.7.9-27.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"pidgin-docs-2.7.9-27.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"pidgin-perl-2.7.9-27.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0139.NASL description Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6485) Multiple heap-based buffer overflow flaws were found in several protocol plug-ins in Pidgin (Gadu-Gadu, MXit, SIMPLE). A malicious server could send a specially crafted message, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6487, CVE-2013-6489, CVE-2013-6490) Multiple denial of service flaws were found in several protocol plug-ins in Pidgin (Yahoo!, XMPP, MSN, stun, IRC). A remote attacker could use these flaws to crash Pidgin by sending a specially crafted message. (CVE-2012-6152, CVE-2013-6477, CVE-2013-6481, CVE-2013-6482, CVE-2013-6484, CVE-2014-0020) It was found that the Pidgin XMPP protocol plug-in did not verify the origin of last seen 2020-06-01 modified 2020-06-02 plugin id 72364 published 2014-02-06 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72364 title RHEL 5 / 6 : pidgin (RHSA-2014:0139) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0139. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(72364); script_version("1.14"); script_cvs_date("Date: 2019/10/24 15:35:38"); script_cve_id("CVE-2012-6152", "CVE-2013-6477", "CVE-2013-6478", "CVE-2013-6479", "CVE-2013-6481", "CVE-2013-6482", "CVE-2013-6483", "CVE-2013-6484", "CVE-2013-6485", "CVE-2013-6487", "CVE-2013-6489", "CVE-2013-6490", "CVE-2014-0020"); script_bugtraq_id(65188, 65192, 65195, 65243); script_xref(name:"RHSA", value:"2014:0139"); script_name(english:"RHEL 5 / 6 : pidgin (RHSA-2014:0139)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6485) Multiple heap-based buffer overflow flaws were found in several protocol plug-ins in Pidgin (Gadu-Gadu, MXit, SIMPLE). A malicious server could send a specially crafted message, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6487, CVE-2013-6489, CVE-2013-6490) Multiple denial of service flaws were found in several protocol plug-ins in Pidgin (Yahoo!, XMPP, MSN, stun, IRC). A remote attacker could use these flaws to crash Pidgin by sending a specially crafted message. (CVE-2012-6152, CVE-2013-6477, CVE-2013-6481, CVE-2013-6482, CVE-2013-6484, CVE-2014-0020) It was found that the Pidgin XMPP protocol plug-in did not verify the origin of 'iq' replies. A remote attacker could use this flaw to spoof an 'iq' reply, which could lead to injection of fake data or cause Pidgin to crash via a NULL pointer dereference. (CVE-2013-6483) A flaw was found in the way Pidgin parsed certain HTTP response headers. A remote attacker could use this flaw to crash Pidgin via a specially crafted HTTP response header. (CVE-2013-6479) It was found that Pidgin crashed when a mouse pointer was hovered over a long URL. A remote attacker could use this flaw to crash Pidgin by sending a message containing a long URL string. (CVE-2013-6478) Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Thijs Alkemade, Robert Vehse, Jaime Breva Ribes, Jacob Appelbaum of the Tor Project, Daniel Atallah, Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen, Matt Jones of Volvent, and Yves Younan, Ryan Pentney, and Pawel Janic of Sourcefire VRT as the original reporters of these issues. All pidgin users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Pidgin must be restarted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"http://www.pidgin.im/news/security/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:0139" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6483" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6482" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6481" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6487" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6485" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6484" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6489" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0020" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6477" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-6152" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6478" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6479" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6490" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:finch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:finch-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpurple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpurple-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpurple-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpurple-tcl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pidgin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pidgin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pidgin-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pidgin-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pidgin-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2014/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2014:0139"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"finch-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"finch-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"finch-devel-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"finch-devel-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"libpurple-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"libpurple-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"libpurple-devel-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"libpurple-devel-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"libpurple-perl-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"libpurple-perl-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"libpurple-tcl-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"libpurple-tcl-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"pidgin-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"pidgin-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"pidgin-debuginfo-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"pidgin-debuginfo-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"pidgin-devel-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"pidgin-devel-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"pidgin-perl-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"pidgin-perl-2.6.6-32.el5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"finch-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"finch-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"finch-devel-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"finch-devel-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libpurple-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libpurple-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libpurple-devel-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libpurple-devel-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libpurple-perl-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libpurple-perl-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libpurple-tcl-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libpurple-tcl-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"pidgin-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"pidgin-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"pidgin-debuginfo-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"pidgin-debuginfo-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"pidgin-devel-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"pidgin-devel-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"pidgin-docs-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"pidgin-docs-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"pidgin-perl-2.7.9-27.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"pidgin-perl-2.7.9-27.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc"); } }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-034-01.NASL description New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 72265 published 2014-02-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72265 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : pidgin (SSA:2014-034-01) NASL family Fedora Local Security Checks NASL id FEDORA_2014-1999.NASL description Update to 2.10.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-02-17 plugin id 72519 published 2014-02-17 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72519 title Fedora 19 : pidgin-2.10.9-1.fc19 (2014-1999) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0139.NASL description From Red Hat Security Advisory 2014:0139 : Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6485) Multiple heap-based buffer overflow flaws were found in several protocol plug-ins in Pidgin (Gadu-Gadu, MXit, SIMPLE). A malicious server could send a specially crafted message, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6487, CVE-2013-6489, CVE-2013-6490) Multiple denial of service flaws were found in several protocol plug-ins in Pidgin (Yahoo!, XMPP, MSN, stun, IRC). A remote attacker could use these flaws to crash Pidgin by sending a specially crafted message. (CVE-2012-6152, CVE-2013-6477, CVE-2013-6481, CVE-2013-6482, CVE-2013-6484, CVE-2014-0020) It was found that the Pidgin XMPP protocol plug-in did not verify the origin of last seen 2020-06-01 modified 2020-06-02 plugin id 72362 published 2014-02-06 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72362 title Oracle Linux 6 : pidgin (ELSA-2014-0139) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2100-1.NASL description Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2012-6152) Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6477) It was discovered that Pidgin incorrecly handled long URLs. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6478) Jacob Appelbaum discovered that Pidgin incorrectly handled certain HTTP responses. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6479) Daniel Atallah discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6481) Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin incorrectly handled the MSN protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6482) Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin incorrectly handled XMPP iq replies. A remote attacker could use this issue to spoof messages. (CVE-2013-6483) It was discovered that Pidgin incorrectly handled STUN server responses. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6484) Matt Jones discovered that Pidgin incorrectly handled certain chunked HTTP responses. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6485) Yves Younan and Ryan Pentney discovered that Pidgin incorrectly handled certain Gadu-Gadu HTTP messages. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6487) Yves Younan and Pawel Janic discovered that Pidgin incorrectly handled MXit emoticons. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6489) Yves Younan discovered that Pidgin incorrectly handled SIMPLE headers. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6490) Daniel Atallah discovered that Pidgin incorrectly handled IRC argument parsing. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2014-0020). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2014-02-07 plugin id 72386 published 2014-02-07 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72386 title Ubuntu 12.04 LTS / 12.10 / 13.10 : pidgin vulnerabilities (USN-2100-1) NASL family Windows NASL id PIDGIN_2_10_8.NASL description The version of Pidgin installed on the remote host is a version prior to 2.10.8. It is, therefore, potentially affected by the following vulnerabilities : - The bundled version of Pango has an error that can lead to an application crash when rendering fonts and attempting to display certain Unicode characters. - Errors exist related to handling unspecified characters, incorrect character encoding, incorrect XMPP timestamps, hovering a pointer over a long URL, unspecified HTTP responses, Yahoo! P2P messages, STUN responses, and IRC arguments that could cause application crashes and denial of service conditions. (CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6484, CVE-2014-0020) - Errors exist related to handling MSN SOAP, MSN OIM, and MSN header content that could cause application crashes when NULL pointers are dereferenced. (CVE-2013-6482) - An error exists related XMPP content such that the last seen 2020-06-01 modified 2020-06-02 plugin id 72282 published 2014-02-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72282 title Pidgin < 2.10.8 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2859.NASL description Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client : - CVE-2013-6477 Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future. - CVE-2013-6478 Pidgin could be crashed through overly wide tooltip windows. - CVE-2013-6479 Jacob Appelbaum discovered that a malicious server or a last seen 2020-03-17 modified 2014-02-12 plugin id 72439 published 2014-02-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72439 title Debian DSA-2859-1 : pidgin - several vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201405-22.NASL description The remote host is affected by the vulnerability described in GLSA-201405-22 (Pidgin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the Pidgin process, cause a Denial of Service condition, overwrite files, or spoof traffic. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 74064 published 2014-05-19 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74064 title GLSA-201405-22 : Pidgin: Multiple vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20140205_PIDGIN_ON_SL5_X.NASL description A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6485) Multiple heap-based buffer overflow flaws were found in several protocol plug-ins in Pidgin (Gadu-Gadu, MXit, SIMPLE). A malicious server could send a specially crafted message, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6487, CVE-2013-6489, CVE-2013-6490) Multiple denial of service flaws were found in several protocol plug-ins in Pidgin (Yahoo!, XMPP, MSN, stun, IRC). A remote attacker could use these flaws to crash Pidgin by sending a specially crafted message. (CVE-2012-6152, CVE-2013-6477, CVE-2013-6481, CVE-2013-6482, CVE-2013-6484, CVE-2014-0020) It was found that the Pidgin XMPP protocol plug-in did not verify the origin of last seen 2020-03-18 modified 2014-02-06 plugin id 72365 published 2014-02-06 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72365 title Scientific Linux Security Update : pidgin on SL5.x, SL6.x i386/x86_64 (20140205) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-132.NASL description - Update to version 2.10.8 (bnc#861019) : + General: Python build scripts and example plugins are now compatible with Python 3 (pidgin.im#15624). + libpurple : - Fix potential crash if libpurple gets an error attempting to read a reply from a STUN server (CVE-2013-6484). - Fix potential crash parsing a malformed HTTP response (CVE-2013-6479). - Fix buffer overflow when parsing a malformed HTTP response with chunked Transfer-Encoding (CVE-2013-6485). - Better handling of HTTP proxy responses with negative Content-Lengths. - Fix handling of SSL certificates without subjects when using libnss. - Fix handling of SSL certificates with timestamps in the distant future when using libnss (pidgin.im#15586). - Impose maximum download size for all HTTP fetches. + Pidgin : - Fix crash displaying tooltip of long URLs (CVE-2013-6478). - Better handling of URLs longer than 1000 letters. - Fix handling of multibyte UTF-8 characters in smiley themes (pidgin.im#15756). + AIM: Fix untrusted certificate error. + AIM and ICQ: Fix a possible crash when receiving a malformed message in a Direct IM session. + Gadu-Gadu : - Fix buffer overflow with remote code execution potential. Only triggerable by a Gadu-Gadu server or a man-in-the-middle (CVE-2013-6487). - Disabled buddy list import/export from/to server. - Disabled new account registration and password change options. + IRC : - Fix bug where a malicious server or man-in-the-middle could trigger a crash by not sending enough arguments with various messages (CVE-2014-0020). - Fix bug where initial IRC status would not be set correctly. - Fix bug where IRC wasn last seen 2020-06-05 modified 2014-06-13 plugin id 75256 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75256 title openSUSE Security Update : pidgin / pidgin-branding-openSUSE (openSUSE-SU-2014:0239-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-2013.NASL description Update to 2.10.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-02-06 plugin id 72359 published 2014-02-06 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72359 title Fedora 20 : pidgin-2.10.9-1.fc20 (2014-2013)
Redhat
advisories |
| ||||
rpms |
|
References
- http://hg.pidgin.im/pidgin/main/rev/852014ae74a0
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
- http://pidgin.im/news/security/?id=71
- http://www.debian.org/security/2014/dsa-2859
- http://www.ubuntu.com/usn/USN-2100-1
- https://rhn.redhat.com/errata/RHSA-2014-0139.html