Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-1373 | First vendor Publication | 2009-05-26 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 3.9 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17722 | |||
Oval ID: | oval:org.mitre.oval:def:17722 | ||
Title: | Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information | ||
Description: | Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1373 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9005 | |||
Oval ID: | oval:org.mitre.oval:def:9005 | ||
Title: | Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. | ||
Description: | Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1373 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for pidgin CESA-2009:1059 centos3 i386 File : nvt/gb_CESA-2009_1059_pidgin_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for finch CESA-2009:1060 centos5 i386 File : nvt/gb_CESA-2009_1060_finch_centos5_i386.nasl |
2010-01-20 | Name : Ubuntu Update for pidgin vulnerabilities USN-886-1 File : nvt/gb_ubuntu_USN_886_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:321 (pidgin) File : nvt/mdksa_2009_321.nasl |
2009-10-27 | Name : Gentoo Security Advisory GLSA 200910-02 (pidgin) File : nvt/glsa_200910_02.nasl |
2009-08-17 | Name : SuSE Security Summary SUSE-SR:2009:013 File : nvt/suse_sr_2009_013.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:173 (pidgin) File : nvt/mdksa_2009_173.nasl |
2009-07-06 | Name : Mandrake Security Advisory MDVSA-2009:147 (pidgin) File : nvt/mdksa_2009_147.nasl |
2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:140 (gaim) File : nvt/mdksa_2009_140.nasl |
2009-06-23 | Name : FreeBSD Ports: pidgin, libpurple, finch File : nvt/freebsd_pidgin.nasl |
2009-06-05 | Name : Ubuntu USN-781-2 (gaim) File : nvt/ubuntu_781_2.nasl |
2009-06-05 | Name : Ubuntu USN-781-1 (pidgin) File : nvt/ubuntu_781_1.nasl |
2009-06-05 | Name : Gentoo Security Advisory GLSA 200905-07 (pidgin) File : nvt/glsa_200905_07.nasl |
2009-06-05 | Name : Fedora Core 10 FEDORA-2009-5597 (pidgin) File : nvt/fcore_2009_5597.nasl |
2009-06-05 | Name : Fedora Core 11 FEDORA-2009-5583 (pidgin) File : nvt/fcore_2009_5583.nasl |
2009-06-05 | Name : Fedora Core 9 FEDORA-2009-5552 (pidgin) File : nvt/fcore_2009_5552.nasl |
2009-06-01 | Name : Pidgin Multiple Buffer Overflow Vulnerabilities (Linux) File : nvt/secpod_pidgin_mul_bof_vuln_lin.nasl |
2009-06-01 | Name : Pidgin Multiple Buffer Overflow Vulnerabilities (Win) File : nvt/secpod_pidgin_mul_bof_vuln_win.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:1059 (pidgin) File : nvt/ovcesa2009_1059.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:1060 (pidgin) File : nvt/ovcesa2009_1060.nasl |
2009-05-25 | Name : Debian Security Advisory DSA 1805-1 (pidgin) File : nvt/deb_1805_1.nasl |
2009-05-25 | Name : RedHat Security Advisory RHSA-2009:1060 File : nvt/RHSA_2009_1060.nasl |
2009-05-25 | Name : RedHat Security Advisory RHSA-2009:1059 File : nvt/RHSA_2009_1059.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-146-01 pidgin File : nvt/esoft_slk_ssa_2009_146_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54646 | Pidgin XMPP SOCKS5 Bytestream Server File Transfer Remote Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1060.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1059.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090522_pidgin_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gaim-6350.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_finch-6342.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-886-1.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1060.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-321.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_finch-6351.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_finch-090709.nasl - Type : ACT_GATHER_INFO |
2009-07-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_finch-090708.nasl - Type : ACT_GATHER_INFO |
2009-07-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_finch-090709.nasl - Type : ACT_GATHER_INFO |
2009-07-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-147.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b1ca65e65aaf11debc9b0030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-06-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-781-2.nasl - Type : ACT_GATHER_INFO |
2009-06-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-781-1.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5597.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5552.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5583.nasl - Type : ACT_GATHER_INFO |
2009-05-27 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-146-01.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200905-07.nasl - Type : ACT_GATHER_INFO |
2009-05-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1805.nasl - Type : ACT_GATHER_INFO |
2009-05-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1059.nasl - Type : ACT_GATHER_INFO |
2009-05-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1060.nasl - Type : ACT_GATHER_INFO |
2009-05-23 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1059.nasl - Type : ACT_GATHER_INFO |
2009-05-22 | Name : The remote host is running an instant messaging client that is affected by mu... File : pidgin_2_5_6.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-11-07 21:47:43 |
|
2023-02-13 09:29:19 |
|
2021-05-04 12:09:27 |
|
2021-04-22 01:09:48 |
|
2020-05-23 01:40:19 |
|
2020-05-23 00:23:40 |
|
2019-06-05 12:02:21 |
|
2018-09-25 12:07:10 |
|
2017-09-29 09:24:11 |
|
2017-08-17 09:22:33 |
|
2016-04-26 18:46:29 |
|
2014-02-17 10:49:46 |
|
2013-11-04 21:20:42 |
|
2013-05-10 23:49:15 |
|