Pidgin Multiple Vulnerabilities Feb 2014 (Windows)

Severity: 10.0 (High)
Host: 192.168.1.10
Location: general/tcp
Summary: Pidgin is installed on the host and is prone to multiple vulnerabilities.

Vulnerability Detection Result: Vulnerability was detected according to the Vulnerability Detection Method.

Impact: Successful exploitation will allow remote attackers to cause a denial of service, execute arbitrary programs, or spoof iq traffic.

Impact Level: System/Application

Solution: Upgrade to Pidgin version 2.10.8 or later. For updates, refer to http://www.pidgin.im/

Vulnerability Insight: The flaws are due to:
- Improper validation of data by the Yahoo protocol plugin.
- Improper validation of argument counts by the IRC protocol plugin.
- Improper validation of input to the content-length header.
- Integer signedness error in the 'MXit' functionality.
- Integer overflow in 'libpurple/protocols/gg/lib/http.c' in the 'Gadu-Gadu' (gg) parser.
- Error due to an incomplete fix for an earlier flaw.
- Integer overflow condition in the 'process_chunked_data' function in 'util.c'.
- Error in the 'STUN' protocol implementation in 'libpurple'.
- Error in the 'XMPP' protocol plugin in 'libpurple'.
- Error in the MSN module.
- Improper validation of the length field in 'libpurple/protocols/yahoo/libymsg.c'.
- Improper allocation of memory by 'util.c' in 'libpurple'.
- Error in the libx11 library.
- Multiple integer signedness errors in libpurple.

Vulnerability Detection Method: Get the installed version with the help of the detect NVT and check whether the version is vulnerable.

Details: Pidgin Multiple Vulnerabilities Feb 2014 (Windows) (OID: 1.3.6.1.4.1.25623.1.0.804314)

Version used: $Revision: 302 $

References

CVE: CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6486, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020
BID: 65492, 65243, 65189, 65188, 65192, 65195
CERT: DFN-CERT-2014-0676, DFN-CERT-2014-0160, DFN-CERT-2014-0123
Other: http://www.osvdb.com/102622
http://www.osvdb.com/102616
http://secunia.com/advisories/56693/
http://www.pidgin.im/news/security/?id=70
http://www.pidgin.im/news/security/?id=85