Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-3532
Last Modified 02 Nov 2013 10:39:12
Published 08 Aug 2008 03:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3532

Summary

The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

Vulnerable Systems

Application

  • Pidgin 2.4.3


References

CONFIRM - http://developer.pidgin.im/ticket/6500

XF - pidgin-ssl-spoofing(44220)

VUPEN - ADV-2008-2318

REDHAT - RHSA-2008:1023

MANDRIVA - MDVSA-2009:025

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm

SECUNIA - 33102

SECUNIA - 31390

CONFIRM - http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch

MISC - http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434

UBUNTU - USN-675-1

BID - 30553

SECUNIA - 32859


Last Updated: 27 May 2016 10:55:04