what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2011-4602

Status Candidate

Overview

The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.

Related Files

Ubuntu Security Notice USN-1500-1
Posted Jul 9, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1500-1 - Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2011-4601, CVE-2011-4602, CVE-2011-4603, CVE-2011-4922, CVE-2011-4939, CVE-2012-1178, CVE-2012-2214, CVE-2012-2318, CVE-2012-3374, CVE-2011-4601, CVE-2011-4602, CVE-2011-4603, CVE-2011-4922, CVE-2011-4939, CVE-2012-1178, CVE-2012-2214, CVE-2012-2318, CVE-2012-3374
SHA-256 | a749885c45d3ed6a82077ecb3953f73e5275c512532f5583f18a44f27c49d270
Red Hat Security Advisory 2011-1821-01
Posted Dec 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1821-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4601, CVE-2011-4602
SHA-256 | 8898c9e665950277a124090594f6f201ce5f2d533466d4f40f014414cdf3c633
Red Hat Security Advisory 2011-1820-01
Posted Dec 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1820-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters in channel messages. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4601, CVE-2011-4602, CVE-2011-4603
SHA-256 | 46920b2be0ad0a71dc0f6800ddcb5927c42aa93032c295654bdee52801a20d3f
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close