Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1376

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-1376
Last Modified 02 Nov 2013 10:49:40
Published 26 May 2009 11:30:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1376

Summary

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.

Vulnerable Systems

Application

  • Pidgin 2.4.0

  • Pidgin 2.4.1

  • Pidgin 2.4.2

  • Pidgin 2.4.3

  • Pidgin 2.5.0

  • Pidgin 2.5.2

  • Pidgin 2.5.3

  • Pidgin 2.5.4

  • Pidgin 2.5.5


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=500493

FEDORA - FEDORA-2009-5597

FEDORA - FEDORA-2009-5583

FEDORA - FEDORA-2009-5552

XF - pidgin-msn-slp-bo(50680)

VUPEN - ADV-2009-1396

UBUNTU - USN-781-2

UBUNTU - USN-781-1

BID - 35067

REDHAT - RHSA-2009:1060

REDHAT - RHSA-2009:1059

CONFIRM - http://www.pidgin.im/news/security/?id=32

MANDRIVA - MDVSA-2009:173

MANDRIVA - MDVSA-2009:140

GENTOO - GLSA-200905-07

SECUNIA - 37071

SECUNIA - 35330

SECUNIA - 35329

SECUNIA - 35294

SECUNIA - 35215

SECUNIA - 35202

SECUNIA - 35194

SECUNIA - 35188

DEBIAN - DSA-1805


Last Updated: 27 May 2016 10:50:32