Executive Summary
Summary | |
---|---|
Title | Pidgin vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1500-1 | First vendor Publication | 2012-07-09 |
Vendor | Ubuntu | Last vendor Modification | 2012-07-09 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Pidgin. Software Description: - pidgin: graphical multi-protocol instant messaging client for X Details: Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4601) Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4602) Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4603) Julia Lawall discovered that Pidgin incorrectly cleared memory contents used in cryptographic operations. An attacker could exploit this to read the memory contents, leading to an information disclosure. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-4922) Clemens Huebner and Kevin Stange discovered that Pidgin incorrectly handled nickname changes inside chat rooms in the XMPP protocol handler. A remote attacker could exploit this by changing nicknames, leading to a denial of service. This issue only affected Ubuntu 11.10. (CVE-2011-4939) Thijs Alkemade discovered that Pidgin incorrectly handled off-line instant messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2012-1178) José Valentín Gutiérrez discovered that Pidgin incorrectly handled SOCKS5 proxy connections during file transfer requests in the XMPP protocol handler. A remote attacker could send a specially crafted request and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 12.04 LTS and 11.10. (CVE-2012-2214) Fabian Yamaguchi discovered that Pidgin incorrectly handled malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2012-2318) Ulf Härnhammar discovered that Pidgin incorrectly handled messages with in-line images in the MXit protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2012-3374) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: Ubuntu 11.10: Ubuntu 11.04: Ubuntu 10.04 LTS: After a standard system update you need to restart Pidgin to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1500-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
44 % | CWE-20 | Improper Input Validation |
22 % | CWE-399 | Resource Management Errors |
11 % | CWE-264 | Permissions, Privileges, and Access Controls |
11 % | CWE-200 | Information Exposure |
11 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17448 | |||
Oval ID: | oval:org.mitre.oval:def:17448 | ||
Title: | msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message | ||
Description: | msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2318 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17678 | |||
Oval ID: | oval:org.mitre.oval:def:17678 | ||
Title: | Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message | ||
Description: | Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3374 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17715 | |||
Oval ID: | oval:org.mitre.oval:def:17715 | ||
Title: | USN-1500-1 -- pidgin vulnerabilities | ||
Description: | Several security issues were fixed in Pidgin. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1500-1 CVE-2011-4601 CVE-2011-4602 CVE-2011-4603 CVE-2011-4922 CVE-2011-4939 CVE-2012-1178 CVE-2012-2214 CVE-2012-2318 CVE-2012-3374 | Version: | 5 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | pidgin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17886 | |||
Oval ID: | oval:org.mitre.oval:def:17886 | ||
Title: | proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests | ||
Description: | proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2214 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18019 | |||
Oval ID: | oval:org.mitre.oval:def:18019 | ||
Title: | The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding | ||
Description: | The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1178 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18223 | |||
Oval ID: | oval:org.mitre.oval:def:18223 | ||
Title: | cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents | ||
Description: | cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4922 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18297 | |||
Oval ID: | oval:org.mitre.oval:def:18297 | ||
Title: | DSA-2509-1 pidgin - remote code execution | ||
Description: | Ulf Härnhammar found a buffer overflow in Pidgin, a multi-protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2509-1 CVE-2012-3374 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | pidgin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18303 | |||
Oval ID: | oval:org.mitre.oval:def:18303 | ||
Title: | The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594 | ||
Description: | The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4603 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18406 | |||
Oval ID: | oval:org.mitre.oval:def:18406 | ||
Title: | The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room | ||
Description: | The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4939 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18408 | |||
Oval ID: | oval:org.mitre.oval:def:18408 | ||
Title: | family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition | ||
Description: | family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4601 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18420 | |||
Oval ID: | oval:org.mitre.oval:def:18420 | ||
Title: | The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message | ||
Description: | The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4602 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21567 | |||
Oval ID: | oval:org.mitre.oval:def:21567 | ||
Title: | RHSA-2011:1820: pidgin security update (Moderate) | ||
Description: | The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1820-01 CESA-2011:1820 CVE-2011-4601 CVE-2011-4602 CVE-2011-4603 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | pidgin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21879 | |||
Oval ID: | oval:org.mitre.oval:def:21879 | ||
Title: | RHSA-2011:1821: pidgin security update (Moderate) | ||
Description: | The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1821-01 CESA-2011:1821 CVE-2011-4601 CVE-2011-4602 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | pidgin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23420 | |||
Oval ID: | oval:org.mitre.oval:def:23420 | ||
Title: | ELSA-2011:1820: pidgin security update (Moderate) | ||
Description: | The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1820-01 CVE-2011-4601 CVE-2011-4602 CVE-2011-4603 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | pidgin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23572 | |||
Oval ID: | oval:org.mitre.oval:def:23572 | ||
Title: | ELSA-2011:0616: pidgin security and bug fix update (Low) | ||
Description: | cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0616-01 CVE-2011-1091 CVE-2011-4922 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | pidgin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27904 | |||
Oval ID: | oval:org.mitre.oval:def:27904 | ||
Title: | DEPRECATED: ELSA-2011-0616 -- pidgin security and bug fix update (low) | ||
Description: | [2.7.9-3.el6] - Add patch for RH bug #684685 (zero-out crypto keys before freeing). [2.7.9-2.el6] - Add patch for CVE-2011-1091 (RH bug #683031). [2.7.9-1.el6] - Update to 2.7.9 (RH bug #616917). - Remove patches now included upstream: pidgin-2.6.6-clientLogin-proxy-fix.patch pidgin-2.6.6-clientLogin-use-https.patch pidgin-2.6.6-CVE-2010-1624.patch pidgin-2.6.6-CVE-2010-3711.patch - Disable the translation updates patch. It doesn't apply anymore and will have to be redone. Saving the patch for now in case some parts are still useful to translators. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0616 CVE-2011-1091 CVE-2011-4922 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | pidgin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27978 | |||
Oval ID: | oval:org.mitre.oval:def:27978 | ||
Title: | DEPRECATED: ELSA-2011-1821 -- pidgin security update (moderate) | ||
Description: | [2.7.9-3.el6_2.2] - Add patch for CVE-2011-4602 (RH bug #766452). [2.7.9-3.el6_2.1] - Add patch for CVE-2011-4601 (RH bug #766452). | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1821 CVE-2011-4601 CVE-2011-4602 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | pidgin |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-19 | Name : Pidgin MXit Message Parsing Buffer Overflow Vulnerability (Windows) File : nvt/gb_pidgin_mxit_msg_parsing_bof_vuln_win.nasl |
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-17 (pidgin) File : nvt/glsa_201209_17.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-195-02 pidgin File : nvt/esoft_slk_ssa_2012_195_02.nasl |
2012-08-30 | Name : Fedora Update for pidgin FEDORA-2012-10287 File : nvt/gb_fedora_2012_10287_pidgin_fc17.nasl |
2012-08-30 | Name : Fedora Update for pidgin FEDORA-2012-8669 File : nvt/gb_fedora_2012_8669_pidgin_fc15.nasl |
2012-08-30 | Name : Fedora Update for pidgin FEDORA-2012-8687 File : nvt/gb_fedora_2012_8687_pidgin_fc17.nasl |
2012-08-17 | Name : Pidgin 'Libpurple' Cipher API Information Disclosure Vulnerability (Windows) File : nvt/gb_pidgin_libpurple_cipher_api_info_disc_vuln_win.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2509-1 (pidgin) File : nvt/deb_2509_1.nasl |
2012-08-03 | Name : Mandriva Update for pidgin MDVSA-2012:082 (pidgin) File : nvt/gb_mandriva_MDVSA_2012_082.nasl |
2012-08-03 | Name : Mandriva Update for pidgin MDVSA-2012:029 (pidgin) File : nvt/gb_mandriva_MDVSA_2012_029.nasl |
2012-07-30 | Name : CentOS Update for finch CESA-2011:1821 centos6 File : nvt/gb_CESA-2011_1821_finch_centos6.nasl |
2012-07-30 | Name : CentOS Update for finch CESA-2012:1102 centos5 File : nvt/gb_CESA-2012_1102_finch_centos5.nasl |
2012-07-30 | Name : CentOS Update for finch CESA-2012:1102 centos6 File : nvt/gb_CESA-2012_1102_finch_centos6.nasl |
2012-07-30 | Name : CentOS Update for finch CESA-2011:1820 centos5 x86_64 File : nvt/gb_CESA-2011_1820_finch_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for finch CESA-2011:1820 centos4 x86_64 File : nvt/gb_CESA-2011_1820_finch_centos4_x86_64.nasl |
2012-07-23 | Name : RedHat Update for pidgin RHSA-2012:1102-01 File : nvt/gb_RHSA-2012_1102-01_pidgin.nasl |
2012-07-16 | Name : Mandriva Update for pidgin MDVSA-2012:105 (pidgin) File : nvt/gb_mandriva_MDVSA_2012_105.nasl |
2012-07-16 | Name : Fedora Update for pidgin FEDORA-2012-10294 File : nvt/gb_fedora_2012_10294_pidgin_fc16.nasl |
2012-07-10 | Name : Ubuntu Update for pidgin USN-1500-1 File : nvt/gb_ubuntu_USN_1500_1.nasl |
2012-07-09 | Name : RedHat Update for pidgin RHSA-2011:1821-01 File : nvt/gb_RHSA-2011_1821-01_pidgin.nasl |
2012-07-04 | Name : Pidgin MSN and XMPP Denial of Service Vulnerabilities (Windows) File : nvt/gb_pidgin_msn_n_xmpp_dos_vuln_win.nasl |
2012-06-11 | Name : Fedora Update for pidgin FEDORA-2012-8686 File : nvt/gb_fedora_2012_8686_pidgin_fc16.nasl |
2012-05-31 | Name : FreeBSD Ports: libpurple File : nvt/freebsd_libpurple0.nasl |
2012-04-30 | Name : FreeBSD Ports: libpurple File : nvt/freebsd_libpurple.nasl |
2012-04-02 | Name : Fedora Update for pidgin FEDORA-2012-4600 File : nvt/gb_fedora_2012_4600_pidgin_fc15.nasl |
2012-04-02 | Name : Fedora Update for pidgin FEDORA-2011-17558 File : nvt/gb_fedora_2011_17558_pidgin_fc16.nasl |
2012-03-26 | Name : Fedora Update for pidgin FEDORA-2012-4595 File : nvt/gb_fedora_2012_4595_pidgin_fc16.nasl |
2012-03-19 | Name : Pidgin Multiple Denial of Service Vulnerabilities (Windows) File : nvt/gb_pidgin_mult_dos_vuln_win.nasl |
2012-01-09 | Name : Fedora Update for pidgin FEDORA-2011-17546 File : nvt/gb_fedora_2011_17546_pidgin_fc15.nasl |
2011-12-21 | Name : Pidgin XMPP And SILC Protocols Denial of Service Vulnerabilities (Win) File : nvt/secpod_pidgin_xmpp_and_silc_protocol_dos_vuln_win.nasl |
2011-12-16 | Name : RedHat Update for pidgin RHSA-2011:1820-01 File : nvt/gb_RHSA-2011_1820-01_pidgin.nasl |
2011-12-16 | Name : CentOS Update for finch CESA-2011:1820 centos5 i386 File : nvt/gb_CESA-2011_1820_finch_centos5_i386.nasl |
2011-12-16 | Name : CentOS Update for finch CESA-2011:1820 centos4 i386 File : nvt/gb_CESA-2011_1820_finch_centos4_i386.nasl |
2011-12-12 | Name : Mandriva Update for pidgin MDVSA-2011:183 (pidgin) File : nvt/gb_mandriva_MDVSA_2011_183.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77751 | Pidgin libpurple/protocols/silc/ops.c silc_channel_message() Function SILC Me... |
77750 | Pidgin XMPP Protocol Missing Field Video / Voice Chat Stanza Remote DoS |
77749 | Pidgin libpurple/protocols/oscar/family_feedbag.c Oscar Protocol Buddy Additi... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_pidgin_20130716.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_pidgin_20121009.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_finch-111219.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_finch-111219.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-432.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-384.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-29.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1102.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1821.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1820.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_finch-120515.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_finch-120516.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_finch-120712.nasl - Type : ACT_GATHER_INFO |
2012-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-17.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-082.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-105.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-029.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120719_pidgin_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111214_pidgin_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111214_pidgin_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-07-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1102.nasl - Type : ACT_GATHER_INFO |
2012-07-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1102.nasl - Type : ACT_GATHER_INFO |
2012-07-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_finch-8220.nasl - Type : ACT_GATHER_INFO |
2012-07-16 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10294.nasl - Type : ACT_GATHER_INFO |
2012-07-16 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-195-02.nasl - Type : ACT_GATHER_INFO |
2012-07-13 | Name : An instant messaging client installed on the remote Windows host is affected ... File : pidgin_2_10_5.nasl - Type : ACT_GATHER_INFO |
2012-07-11 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10287.nasl - Type : ACT_GATHER_INFO |
2012-07-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1500-1.nasl - Type : ACT_GATHER_INFO |
2012-07-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2509.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_finch-8131.nasl - Type : ACT_GATHER_INFO |
2012-06-11 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8669.nasl - Type : ACT_GATHER_INFO |
2012-06-11 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8686.nasl - Type : ACT_GATHER_INFO |
2012-06-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8687.nasl - Type : ACT_GATHER_INFO |
2012-05-31 | Name : An instant messaging client installed on the remote Windows host is potential... File : pidgin_2_10_4.nasl - Type : ACT_GATHER_INFO |
2012-05-14 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_64f8b72d9c4e11e19c94000bcdf0a03b.nasl - Type : ACT_GATHER_INFO |
2012-04-02 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7289214f7c5511e1ab3b000bcdf0a03b.nasl - Type : ACT_GATHER_INFO |
2012-03-21 | Name : An instant messaging client installed on the remote Windows host is potential... File : pidgin_2_10_2.nasl - Type : ACT_GATHER_INFO |
2012-01-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_finch-111226.nasl - Type : ACT_GATHER_INFO |
2012-01-10 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_finch-7901.nasl - Type : ACT_GATHER_INFO |
2012-01-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-17546.nasl - Type : ACT_GATHER_INFO |
2012-01-06 | Name : The remote Fedora host is missing a security update. File : fedora_2011-17558.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1821.nasl - Type : ACT_GATHER_INFO |
2011-12-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1821.nasl - Type : ACT_GATHER_INFO |
2011-12-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1820.nasl - Type : ACT_GATHER_INFO |
2011-12-15 | Name : An instant messaging client installed on the remote Windows host is potential... File : pidgin_2_10_1.nasl - Type : ACT_GATHER_INFO |
2011-12-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1820.nasl - Type : ACT_GATHER_INFO |
2011-12-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-183.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0616.nasl - Type : ACT_GATHER_INFO |
2011-02-21 | Name : An instant messaging client installed on the remote Windows host is affected ... File : pidgin_2_7_10.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:00:24 |
|