Pidgin Multiple Vulnerabilities Feb 2014 (Windows)
Vulnerability | Severity
|
Host | Location | Actions | ||||||||||||||||
192.168.1.10 | general/tcp | |||||||||||||||||||
SummaryThe host is installed with Pidgin and is prone to multiple vulnerabilities.
Vulnerability Detection ResultVulnerability was detected according to the Vulnerability Detection Method.
ImpactSuccessful exploitation will allow remote attackers to conduct denial of service or execute arbitrary programs or spoof iq traffic.
Impact Level: System/Application SolutionUpgrade to Pidgin version 2.10.8 or later, For updates refer to http://www.pidgin.im/
Vulnerability InsightThe flaws are due to an, – Improper validation of data by the Yahoo protocol plugin. – Improper validation of argument counts by IRC protocol plugin. – Improper validation of input to content-length header. – Integer signedness error in the ‘MXit’ functionality. – Integer overflow in ‘ibpurple/protocols/gg/lib/http.c’ in the ‘Gadu-Gadu’ (gg) parser. – Error due to incomplete fix for earlier flaw. – Integer overflow condition in the ‘process_chunked_data’ function in ‘util.c’. – Error in ‘STUN’ protocol implementation in ‘libpurple’. – Error in the ‘XMPP’ protocol plugin in ‘libpurple’. – Error in the MSN module. – Improper validation of the length field in ‘libpurple/protocols/yahoo/libymsg.c’. – Improper allocation of memory by ‘util.c’ in ‘libpurple’. – Error in the libx11 library. – Multiple integer signedness errors in libpurple.
Vulnerability Detection MethodGet the installed version with the help of detect NVT and check the version is vulnerable or not.
Details: Pidgin Multiple Vulnerabilities Feb 2014 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.804314) Version used: $Revision: 302 $ References
|
Leave a Reply
Want to join the discussion?Feel free to contribute!