Vulnerabilities > CVE-2015-8833 - Unspecified vulnerability in Cypherpunks Pidgin-Otr
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-397.NASL description This update to pidgin-otr 4.0.2 fixes the following issue : - CVE-2015-8833: use-after-free issue during SMP (boo#970498) It also contains new and updated translations. last seen 2020-06-05 modified 2016-03-25 plugin id 90172 published 2016-03-25 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/90172 title openSUSE Security Update : pidgin-otr (openSUSE-2016-397) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-397. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(90172); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-8833"); script_name(english:"openSUSE Security Update : pidgin-otr (openSUSE-2016-397)"); script_summary(english:"Check for the openSUSE-2016-397 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update to pidgin-otr 4.0.2 fixes the following issue : - CVE-2015-8833: use-after-free issue during SMP (boo#970498) It also contains new and updated translations." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=970498" ); script_set_attribute( attribute:"solution", value:"Update the affected pidgin-otr packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pidgin-otr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pidgin-otr-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pidgin-otr-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"pidgin-otr-4.0.2-7.8.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"pidgin-otr-debuginfo-4.0.2-7.8.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"pidgin-otr-debugsource-4.0.2-7.8.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"pidgin-otr-4.0.2-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"pidgin-otr-debuginfo-4.0.2-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"pidgin-otr-debugsource-4.0.2-7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pidgin-otr / pidgin-otr-debuginfo / pidgin-otr-debugsource"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-10.NASL description The remote host is affected by the vulnerability described in GLSA-201701-10 (libotr, Pidgin OTR: Remote execution of arbitrary code) Multiple vulnerabilities exist in both libotr and Pidgin OTR. Please review the CVE identifiers for more information. Impact : A remote attacker could send a specially crafted message, possibly resulting in the execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96241 published 2017-01-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96241 title GLSA-201701-10 : libotr, Pidgin OTR: Remote execution of arbitrary code NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3528.NASL description Stefan Sperling discovered that pidgin-otr, a Pidgin plugin implementing Off-The-Record messaging, contained a use-after-free bug. This could be used by a malicious remote user to intentionally crash the application, thus causing a denial-of-service. last seen 2020-06-01 modified 2020-06-02 plugin id 90126 published 2016-03-24 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90126 title Debian DSA-3528-1 : pidgin-otr - security update NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_77E0B631E6CF11E585BE14DAE9D210B8.NASL description Hanno Bock reports : The pidgin-otr plugin version 4.0.2 fixes a heap use after free error. The bug is triggered when a user tries to authenticate a buddy and happens in the function create_smp_dialog. last seen 2020-06-01 modified 2020-06-02 plugin id 89853 published 2016-03-11 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89853 title FreeBSD : pidgin-otr -- use after free (77e0b631-e6cf-11e5-85be-14dae9d210b8) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0912-1.NASL description This update for pidgin-otr fixes the following issues : - CVE-2015-8833: A heap based use-after-free issue was fixed in pidgin-otr that could lead to crashes or potential code execution. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 90304 published 2016-04-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90304 title SUSE SLED12 Security Update : pidgin-otr (SUSE-SU-2016:0912-1)
References
- http://www.openwall.com/lists/oss-security/2016/03/09/8
- https://bugs.otr.im/issues/128
- https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html
- http://www.openwall.com/lists/oss-security/2016/03/09/13
- https://bugs.otr.im/issues/88
- https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002582.html
- https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
- http://www.securityfocus.com/bid/84295
- http://www.debian.org/security/2016/dsa-3528
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00095.html
- https://security.gentoo.org/glsa/201701-10