Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-2927
Last Modified 02 Nov 2013 10:38:02
Published 07 Jul 2008 07:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2927

Summary

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.

Vulnerable Systems

Application

  • Adium 1.0

  • Adium 1.0.1

  • Adium 1.0.2

  • Adium 1.0.3

  • Adium 1.0.4

  • Adium 1.0.5

  • Adium 1.1

  • Adium 1.1.1

  • Adium 1.1.2

  • Adium 1.1.3

  • Adium 1.1.4

  • Adium 1.2.7

  • Pidgin 2.0.0

  • Pidgin 2.0.1

  • Pidgin 2.0.2

  • Pidgin 2.1.0

  • Pidgin 2.1.1

  • Pidgin 2.2.0

  • Pidgin 2.2.1

  • Pidgin 2.2.2

  • Pidgin 2.3.0

  • Pidgin 2.3.1

  • Pidgin 2.4.0

  • Pidgin 2.4.1

  • Pidgin 2.4.2


References

CONFIRM - https://issues.rpath.com/browse/RPL-2647

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=453764

XF - adium-msnprotocol-code-execution(44774)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-054

VUPEN - ADV-2008-2032

SECTRACK - 1020451

BID - 29956

BUGTRAQ - 20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

BUGTRAQ - 20080806 rPSA-2008-0246-1 gaim

BUGTRAQ - 20080625 Pidgin 2.4.1 Vulnerability

REDHAT - RHSA-2008:0584

CONFIRM - http://www.pidgin.im/news/security/?id=25

MLIST - [oss-security] 20080703 Re: Re: CVE Request (pidgin)

MLIST - [oss-security] 20080704 Re: Re: CVE Request (pidgin)

MANDRIVA - MDVSA-2009:127

MANDRIVA - MDVSA-2008:143

DEBIAN - DSA-1610

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246

SECUNIA - 31642

SECUNIA - 31387

SECUNIA - 31105

SECUNIA - 31016

SECUNIA - 30971

CONFIRM - http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c

CONFIRM - http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c

UBUNTU - USN-675-2

UBUNTU - USN-675-1

SECUNIA - 32861

SECUNIA - 32859


Last Updated: 27 May 2016 11:01:20