Executive Summary

Information

Name : CVE-2009-1374
Vendor : Cve
First vendor Publication : 2009-05-26
Last vendor Modification : 2013-11-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 5
Cvss Impact Score : 2.9
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374

CWE : Common Weakness Enumeration

Id       Name
CWE-119  Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18201
Title: Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet
Description: Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.
Family: windows
Class: vulnerability
Reference(s): CVE-2009-1374
Version: 3
Platform(s):
  Microsoft Windows 2000
  Microsoft Windows 7
  Microsoft Windows Server 2003
  Microsoft Windows Server 2008
  Microsoft Windows Server 2008 R2
  Microsoft Windows Vista
  Microsoft Windows XP
  Microsoft Windows 8
  Microsoft Windows Server 2012
Product(s): Pidgin
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:11654
Title: Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.
Description: Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.
Family: unix
Class: vulnerability
Reference(s): CVE-2009-1374
Version: 5
Platform(s):
  Red Hat Enterprise Linux 4
  CentOS Linux 4
  Oracle Linux 4
  Red Hat Enterprise Linux 5
  CentOS Linux 5
  Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type         Description   Count
Application                21

OpenVAS Exploits

Date        Description
2011-08-09  Name : CentOS Update for finch CESA-2009:1060 centos5 i386
            File : nvt/gb_CESA-2009_1060_finch_centos5_i386.nasl
2010-01-20  Name : Ubuntu Update for pidgin vulnerabilities USN-886-1
            File : nvt/gb_ubuntu_USN_886_1.nasl
2009-12-10  Name : Mandriva Security Advisory MDVSA-2009:321 (pidgin)
            File : nvt/mdksa_2009_321.nasl
2009-10-27  Name : Gentoo Security Advisory GLSA 200910-02 (pidgin)
            File : nvt/glsa_200910_02.nasl
2009-08-17  Name : Mandrake Security Advisory MDVSA-2009:173 (pidgin)
            File : nvt/mdksa_2009_173.nasl
2009-07-06  Name : Mandrake Security Advisory MDVSA-2009:147 (pidgin)
            File : nvt/mdksa_2009_147.nasl
2009-06-23  Name : FreeBSD Ports: pidgin, libpurple, finch
            File : nvt/freebsd_pidgin.nasl
2009-06-05  Name : Gentoo Security Advisory GLSA 200905-07 (pidgin)
            File : nvt/glsa_200905_07.nasl
2009-06-05  Name : Ubuntu USN-781-1 (pidgin)
            File : nvt/ubuntu_781_1.nasl
2009-06-05  Name : Fedora Core 9 FEDORA-2009-5552 (pidgin)
            File : nvt/fcore_2009_5552.nasl
2009-06-05  Name : Fedora Core 11 FEDORA-2009-5583 (pidgin)
            File : nvt/fcore_2009_5583.nasl
2009-06-05  Name : Fedora Core 10 FEDORA-2009-5597 (pidgin)
            File : nvt/fcore_2009_5597.nasl
2009-06-01  Name : Pidgin Multiple Buffer Overflow Vulnerabilities (Linux)
            File : nvt/secpod_pidgin_mul_bof_vuln_lin.nasl
2009-06-01  Name : Pidgin Multiple Buffer Overflow Vulnerabilities (Win)
            File : nvt/secpod_pidgin_mul_bof_vuln_win.nasl
2009-05-25  Name : RedHat Security Advisory RHSA-2009:1060
            File : nvt/RHSA_2009_1060.nasl
2009-05-25  Name : CentOS Security Advisory CESA-2009:1060 (pidgin)
            File : nvt/ovcesa2009_1060.nasl
0000-00-00  Name : Slackware Advisory SSA:2009-146-01 pidgin
            File : nvt/esoft_slk_ssa_2009_146_01.nasl

Open Source Vulnerability Database (OSVDB)

Id     Description
54648  Pidgin QQ Packet Processing decrypt_out() Function Remote DoS

Nessus® Vulnerability Scanner

Date        Description
2013-07-12  Name : The remote Oracle Linux host is missing one or more security updates.
            File : oraclelinux_ELSA-2009-1060.nasl - Type : ACT_GATHER_INFO
2012-08-01  Name : The remote Scientific Linux host is missing one or more security updates.
            File : sl_20090522_pidgin_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-19  Name : The remote Ubuntu host is missing one or more security-related patches.
            File : ubuntu_USN-886-1.nasl - Type : ACT_GATHER_INFO
2010-01-06  Name : The remote CentOS host is missing one or more security updates.
            File : centos_RHSA-2009-1060.nasl - Type : ACT_GATHER_INFO
2009-12-07  Name : The remote Mandriva Linux host is missing one or more security updates.
            File : mandriva_MDVSA-2009-321.nasl - Type : ACT_GATHER_INFO
2009-10-23  Name : The remote Gentoo host is missing one or more security-related patches.
            File : gentoo_GLSA-200910-02.nasl - Type : ACT_GATHER_INFO
2009-07-01  Name : The remote Mandriva Linux host is missing one or more security updates.
            File : mandriva_MDVSA-2009-147.nasl - Type : ACT_GATHER_INFO
2009-06-17  Name : The remote FreeBSD host is missing one or more security-related updates.
            File : freebsd_pkg_b1ca65e65aaf11debc9b0030843d3802.nasl - Type : ACT_GATHER_INFO
2009-06-04  Name : The remote Ubuntu host is missing one or more security-related patches.
            File : ubuntu_USN-781-1.nasl - Type : ACT_GATHER_INFO
2009-06-03  Name : The remote Fedora host is missing a security update.
            File : fedora_2009-5552.nasl - Type : ACT_GATHER_INFO
2009-06-03  Name : The remote Fedora host is missing a security update.
            File : fedora_2009-5583.nasl - Type : ACT_GATHER_INFO
2009-06-03  Name : The remote Fedora host is missing a security update.
            File : fedora_2009-5597.nasl - Type : ACT_GATHER_INFO
2009-05-27  Name : The remote Slackware host is missing a security update.
            File : Slackware_SSA_2009-146-01.nasl - Type : ACT_GATHER_INFO
2009-05-26  Name : The remote Gentoo host is missing one or more security-related patches.
            File : gentoo_GLSA-200905-07.nasl - Type : ACT_GATHER_INFO
2009-05-23  Name : The remote Red Hat host is missing one or more security updates.
            File : redhat-RHSA-2009-1060.nasl - Type : ACT_GATHER_INFO
2009-05-22  Name : The remote host is running an instant messaging client that is affected by mu...
            File : pidgin_2_5_6.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source    Url
BID       http://www.securityfocus.com/bid/35067
CONFIRM   http://www.pidgin.im/news/security/?id=30
          https://bugzilla.redhat.com/show_bug.cgi?id=500490
FEDORA    https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
          https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
          https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
GENTOO    http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
MANDRIVA  http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
REDHAT    http://www.redhat.com/support/errata/RHSA-2009-1060.html
SECUNIA   http://secunia.com/advisories/35188
          http://secunia.com/advisories/35194
          http://secunia.com/advisories/35202
          http://secunia.com/advisories/35294
          http://secunia.com/advisories/35329
UBUNTU    http://www.ubuntu.com/usn/USN-781-1
VUPEN     http://www.vupen.com/english/advisories/2009/1396
XF        http://xforce.iss.net/xforce/xfdb/50684

Alert History

Date                 Information
2014-02-17 10:49:46
  • Multiple Updates
2013-11-04 21:20:42
  • Multiple Updates
2013-05-10 23:49:15
  • Multiple Updates