Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.0
CVE Id CVE-2011-1091
Last Modified 02 Nov 2013 11:11:26
Published 14 Mar 2011 03:55:02
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1091

Summary

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.

Vulnerable Systems

Application

  • Pidgin 2.6.0

  • Pidgin 2.6.1

  • Pidgin 2.6.2

  • Pidgin 2.6.4

  • Pidgin 2.6.5

  • Pidgin 2.6.6

  • Pidgin 2.7.0

  • Pidgin 2.7.1

  • Pidgin 2.7.10

  • Pidgin 2.7.2

  • Pidgin 2.7.3

  • Pidgin 2.7.4

  • Pidgin 2.7.5

  • Pidgin 2.7.6

  • Pidgin 2.7.7

  • Pidgin 2.7.8

  • Pidgin 2.7.9


References

CONFIRM - http://www.pidgin.im/news/security/?id=51

CONFIRM - http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7

CONFIRM - http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=683031

XF - pidgin-yahoo-protocol-dos(66055)

VUPEN - ADV-2011-0703

VUPEN - ADV-2011-0669

VUPEN - ADV-2011-0661

VUPEN - ADV-2011-0643

BID - 46837

REDHAT - RHSA-2011:1371

REDHAT - RHSA-2011:0616

SLACKWARE - SSA:2011-070-02

SECUNIA - 46376

SECUNIA - 43721

SECUNIA - 43695

FEDORA - FEDORA-2011-3150

FEDORA - FEDORA-2011-3113

SUSE - openSUSE-SU-2012:0066

Related Patches

Novell SUSE 2011:5586 finch security update for SLED 11 SP1 i586

Novell SUSE 2011:5586 finch security update for SLED 11 SP1 x86_64

Novell SUSE 2011:7901 finch security update for SLED 10 SP4 i586

Novell SUSE 2011:7901 finch security update for SLED 10 SP4 x86_64


Last Updated: 27 May 2016 10:49:50