SB2013021405 - Slackware Linux update for pidgin
Published: February 14, 2013 Updated: May 6, 2017
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2013-0271)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
2) Buffer overflow (CVE-ID: CVE-2013-0272)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
3) Input validation error (CVE-ID: CVE-2013-0273)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
4) Input validation error (CVE-ID: CVE-2013-0274)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
Remediation
Install update from vendor's website.