Executive Summary

Summary
Title Sun Alert 266908 Security vulnerability in Solaris Pidgin (see pidgin(1)), Versions Prior to 2.5.9 may Lead to Execution of Arbitrary Code or a Denial of Service (DoS) Condition
Informations
Name SUN-266908 First vendor Publication 2009-09-14
Vendor Sun Last vendor Modification 2009-12-02
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10, OpenSolaris

A heap-based buffer overflow vulnerability in the MSN protocol handler of libpurple(3), the shared library that adds support for various instant messaging networks to the pidgin(1) Instant Messaging client (previously known as Gaim), may allow remote unprivileged users to execute arbitrary code or cause a Denial of Service (DoS) through an application crash.

Additional information on this issue can be found in the following document:

    CVE-2009-2694 at:
    http://www.security-database.com/detail.php?cve=CVE-2009-2694
State: Workaround
First released: 14-Sep-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_266908_security_vulnerability

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10319
 
Oval ID: oval:org.mitre.oval:def:10319
Title: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Description: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2694
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13849
 
Oval ID: oval:org.mitre.oval:def:13849
Title: USN-820-1 -- pidgin vulnerability
Description: Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
Family: unix Class: patch
Reference(s): USN-820-1
CVE-2009-2694
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): pidgin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22782
 
Oval ID: oval:org.mitre.oval:def:22782
Title: ELSA-2009:1218: pidgin security update (Critical)
Description: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Family: unix Class: patch
Reference(s): ELSA-2009:1218-01
CVE-2009-2694
Version: 6
Platform(s): Oracle Linux 5
Product(s): pidgin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29222
 
Oval ID: oval:org.mitre.oval:def:29222
Title: RHSA-2009:1218 -- pidgin security update (Critical)
Description: Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-2694)
Family: unix Class: patch
Reference(s): RHSA-2009:1218
CESA-2009:1218-CentOS 5
CESA-2009:1218-CentOS 3
CVE-2009-2694
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 5
CentOS Linux 3
Product(s): pidgin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6320
 
Oval ID: oval:org.mitre.oval:def:6320
Title: Pidgin before 2.5.9 allow denial of service via SLP (aka MSNSLP) messages
Description: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2694
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Pidgin
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 18
Application 36

ExploitDB Exploits

id Description
2009-09-09 Pidgin MSN <= 2.5.8 Remote Code Execution Exploit

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for finch CESA-2009:1218 centos5 i386
File : nvt/gb_CESA-2009_1218_finch_centos5_i386.nasl
2011-08-09 Name : CentOS Update for pidgin CESA-2009:1218 centos3 i386
File : nvt/gb_CESA-2009_1218_pidgin_centos3_i386.nasl
2010-05-28 Name : Fedora Update for pidgin FEDORA-2010-8523
File : nvt/gb_fedora_2010_8523_pidgin_fc11.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-1279
File : nvt/gb_fedora_2010_1279_pidgin_fc11.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-0429
File : nvt/gb_fedora_2010_0429_pidgin_fc11.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:321 (pidgin)
File : nvt/mdksa_2009_321.nasl
2009-10-27 Name : Fedora Core 11 FEDORA-2009-10662 (pidgin)
File : nvt/fcore_2009_10662.nasl
2009-10-27 Name : Fedora Core 10 FEDORA-2009-10702 (pidgin)
File : nvt/fcore_2009_10702.nasl
2009-10-27 Name : Gentoo Security Advisory GLSA 200910-02 (pidgin)
File : nvt/glsa_200910_02.nasl
2009-09-15 Name : Mandrake Security Advisory MDVSA-2009:230 (pidgin)
File : nvt/mdksa_2009_230.nasl
2009-09-02 Name : Ubuntu USN-820-1 (pidgin)
File : nvt/ubuntu_820_1.nasl
2009-09-02 Name : RedHat Security Advisory RHSA-2009:1218
File : nvt/RHSA_2009_1218.nasl
2009-09-02 Name : CentOS Security Advisory CESA-2009:1218 (pidgin)
File : nvt/ovcesa2009_1218.nasl
2009-09-02 Name : FreeBSD Ports: pidgin, libpurple, finch
File : nvt/freebsd_pidgin0.nasl
2009-09-02 Name : Fedora Core 11 FEDORA-2009-8874 (pidgin)
File : nvt/fcore_2009_8874.nasl
2009-09-02 Name : Fedora Core 10 FEDORA-2009-8826 (pidgin)
File : nvt/fcore_2009_8826.nasl
2009-09-02 Name : Fedora Core 11 FEDORA-2009-8804 (gupnp-igd)
File : nvt/fcore_2009_8804.nasl
2009-09-02 Name : Fedora Core 10 FEDORA-2009-8791 (pidgin)
File : nvt/fcore_2009_8791.nasl
2009-09-02 Name : Debian Security Advisory DSA 1870-1 (pidgin)
File : nvt/deb_1870_1.nasl
2009-08-26 Name : Pidgin MSN SLP Packets Denial Of Service Vulnerability (Linux)
File : nvt/secpod_pidgin_msnslp_dos_vuln_lin.nasl
2009-08-26 Name : Pidgin MSN SLP Packets Denial Of Service Vulnerability (Win)
File : nvt/secpod_pidgin_msnslp_dos_vuln_win.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-231-02 pidgin
File : nvt/esoft_slk_ssa_2009_231_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
55246 Adium libpurple msn_slplink_process_msg() Function MSN SLP Message Handling R...

54647 Pidgin libpurple msn_slplink_process_msg() Function MSN SLP Message Handling ...

Pidgin MSN protocol handling library (libpurple) contains a flaw that may allow a malicious user to cause memory corruption. The issue is triggered when a specially crafted MSN SLP packet is sent. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 Pidgin MSN P2P message 64bit integer overflow attempt
RuleID : 15895 - Revision : 3 - Type : CHAT
2014-01-10 Pidgin MSNP2P message integer overflow attempt
RuleID : 14263 - Revision : 8 - Type : POLICY-SOCIAL

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1218.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1060.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090818_pidgin_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8523.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1279.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0429.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1870.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-886-1.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1060.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-321.nasl - Type : ACT_GATHER_INFO
2009-10-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200910-02.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10662.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10702.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-230.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8874.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-820-1.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_59e7af2d8db711de883b001e3300a30d.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8791.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-8804.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8826.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1218.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote host has an instant messaging client that is affected by a memory ...
File : pidgin_2_5_9.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1218.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-231-02.nasl - Type : ACT_GATHER_INFO
2009-05-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1060.nasl - Type : ACT_GATHER_INFO