FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pidgin -- multiple vulnerabilities

Affected packages
finch < 2.5.6
libpurple < 2.5.6
pidgin < 2.5.6

Details

VuXML ID b1ca65e6-5aaf-11de-bc9b-0030843d3802
Discovery 2009-06-03
Entry 2009-06-16

Secunia reports:

Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system.

A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow.

A boundary error in the XMPP SOCKS5 "bytestream" server when initiating an outgoing file transfer can be exploited to cause a buffer overflow.

A boundary error exists in the implementation of the "PurpleCircBuffer" structure. This can be exploited to corrupt memory and cause a crash via specially crafted XMPP or Sametime packets.

A boundary error in the "decrypt_out()" function can be exploited to cause a stack-based buffer overflow with 8 bytes and crash the application via a specially crafted QQ packet.

References

Bugtraq ID 35067
CVE Name CVE-2009-1373
CVE Name CVE-2009-1374
CVE Name CVE-2009-1375
CVE Name CVE-2009-1376
URL http://secunia.com/advisories/35194/
URL http://www.pidgin.im/news/security/?id=29
URL http://www.pidgin.im/news/security/?id=30
URL http://www.pidgin.im/news/security/?id=32
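
The "Affected packages" ranges above can be checked against a package inventory as follows. This is an added example, not part of the VuXML entry or of FreeBSD's tooling. It assumes "name-version" input lines such as `pkg query '%n-%v'` prints, and it uses a simplified, numeric-only version ordering; `pkg version -t` remains the authoritative comparison.

```sh
#!/bin/sh
# Added example (not part of the VuXML entry). Names and the 2.5.6 bound are
# taken from "Affected packages"; everything else is an assumption.
AFFECTED_NAMES="finch libpurple pidgin"
FIXED="2.5.6"

# version_lt A B: succeeds when A sorts before B. Simplified ports ordering:
# PORTEPOCH (",N") first, then dotted numeric fields, then PORTREVISION ("_N").
version_lt() (
    a=$1; b=$2; ea=0; eb=0; ra=0; rb=0
    case $a in *,*) ea=${a##*,}; a=${a%,*};; esac
    case $b in *,*) eb=${b##*,}; b=${b%,*};; esac
    [ "$ea" -ne "$eb" ] && { [ "$ea" -lt "$eb" ]; exit; }
    case $a in *_*) ra=${a##*_}; a=${a%_*};; esac
    case $b in *_*) rb=${b##*_}; b=${b%_*};; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}; cb=${b%%.*}
        case $a in *.*) a=${a#*.};; *) a=;; esac
        case $b in *.*) b=${b#*.};; *) b=;; esac
        ca=${ca:-0}; cb=${cb:-0}
        [ "$ca" -ne "$cb" ] && { [ "$ca" -lt "$cb" ]; exit; }
    done
    [ "$ra" -lt "$rb" ]
)

# affected_packages: reads "name-version" lines on stdin and prints those
# that fall inside the ranges above.
affected_packages() {
    while IFS= read -r line; do
        # The version never contains a hyphen, so split at the last one;
        # this keeps "pidgin-otr" from being mistaken for "pidgin".
        name=${line%-*}; ver=${line##*-}
        case " $AFFECTED_NAMES " in *" $name "*) ;; *) continue;; esac
        case $ver in
            *[!0-9._,]*) echo "$line (version not parsed, check by hand)" ;;
            *) if version_lt "$ver" "$FIXED"; then echo "$line"; fi ;;
        esac
    done
}

# Constructed sample lines covering the edge cases, not taken from a real host.
sample_lines() {
    printf '%s\n' pidgin-2.5.5_1 libpurple-2.5.6 finch-2.4 \
        pidgin-otr-3.2.0 finch-2.5.6_2 libpurple-2.5.1,1
}

sample_lines | affected_packages
```
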