This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Adium | First view: 2010-01-09
Product: Adium | Last view: 2010-01-09
Version: 1.3.8 | Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:adium:adium

Activity : Overall

Related : CVE

  Date Alert Description
5 2010-01-09 CVE-2010-0277

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

5 2010-01-09 CVE-2010-0013

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-399 Resource Management Errors
50% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-23 File System Function Injection, Content Based
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-139 Relative Path Traversal

Open Source Vulnerability Database (OSVDB)

id Description
61626 Adium libpurple MSN protocol plugin slp.c Unspecified Memory Corruption
61625 Pidgin libpurple MSN protocol plugin slp.c Unspecified Memory Corruption
61421 Adium MSN Custom Smileys Feature Emoticon Request Traversal Arbitrary File Di...
61420 Pidgin MSN Custom Smileys Feature Emoticon Request Traversal Arbitrary File D...

ExploitDB Exploits

id Description
11203 Pidgin MSN <= 2.6.4 File Download Vulnerability

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-11 (Pidgin)
File : nvt/glsa_201206_11.nasl
2011-08-09 Name : CentOS Update for finch CESA-2010:0115 centos5 i386
File : nvt/gb_CESA-2010_0115_finch_centos5_i386.nasl
2011-08-09 Name : CentOS Update for finch CESA-2010:0044 centos5 i386
File : nvt/gb_CESA-2010_0044_finch_centos5_i386.nasl
2010-11-16 Name : Fedora Update for pidgin FEDORA-2010-17130
File : nvt/gb_fedora_2010_17130_pidgin_fc12.nasl
2010-08-02 Name : Fedora Update for pidgin FEDORA-2010-11315
File : nvt/gb_fedora_2010_11315_pidgin_fc12.nasl
2010-05-28 Name : Fedora Update for pidgin FEDORA-2010-8524
File : nvt/gb_fedora_2010_8524_pidgin_fc12.nasl
2010-05-28 Name : Fedora Update for pidgin FEDORA-2010-8523
File : nvt/gb_fedora_2010_8523_pidgin_fc11.nasl
2010-05-04 Name : FreeBSD Ports: pidgin
File : nvt/freebsd_pidgin1.nasl
2010-04-30 Name : Mandriva Update for pidgin MDVSA-2010:085 (pidgin)
File : nvt/gb_mandriva_MDVSA_2010_085.nasl
2010-03-02 Name : Ubuntu Update for pidgin vulnerabilities USN-902-1
File : nvt/gb_ubuntu_USN_902_1.nasl
2010-03-02 Name : Mandriva Update for dhcp MDVA-2010:085 (dhcp)
File : nvt/gb_mandriva_MDVA_2010_085.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-1383
File : nvt/gb_fedora_2010_1383_pidgin_fc12.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-1279
File : nvt/gb_fedora_2010_1279_pidgin_fc11.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-0429
File : nvt/gb_fedora_2010_0429_pidgin_fc11.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-0368
File : nvt/gb_fedora_2010_0368_pidgin_fc12.nasl
2010-02-22 Name : CentOS Update for finch CESA-2010:0115 centos4 i386
File : nvt/gb_CESA-2010_0115_finch_centos4_i386.nasl
2010-02-19 Name : RedHat Update for pidgin RHSA-2010:0115-01
File : nvt/gb_RHSA-2010_0115-01_pidgin.nasl
2010-02-19 Name : Mandriva Update for pidgin MDVSA-2010:041 (pidgin)
File : nvt/gb_mandriva_MDVSA_2010_041.nasl
2010-01-29 Name : Mandriva Update for mjpegtools MDVA-2010:041 (mjpegtools)
File : nvt/gb_mandriva_MDVA_2010_041.nasl
2010-01-20 Name : Ubuntu Update for pidgin vulnerabilities USN-886-1
File : nvt/gb_ubuntu_USN_886_1.nasl
2010-01-19 Name : CentOS Update for finch CESA-2010:0044 centos4 i386
File : nvt/gb_CESA-2010_0044_finch_centos4_i386.nasl
2010-01-19 Name : RedHat Update for pidgin RHSA-2010:0044-01
File : nvt/gb_RHSA-2010_0044-01_pidgin.nasl
2010-01-19 Name : CentOS Update for finch CESA-2010:0044 centos4 x86_64
File : nvt/gb_CESA-2010_0044_finch_centos4_x86_64.nasl
2010-01-16 Name : Pidgin MSN Custom Smileys File Disclosure Vulnerability (Linux)
File : nvt/gb_pidgin_msnslp_dir_trav_vuln_lin.nasl
2010-01-16 Name : Pidgin MSN Custom Smileys File Disclosure Vulnerability (Win)
File : nvt/gb_pidgin_msnslp_dir_trav_vuln_win.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-12-28 Name: The remote host is missing Sun Security Patch number 143318-03
File: solaris10_x86_143318.nasl - Type: ACT_GATHER_INFO
2013-12-28 Name: The remote host is missing Sun Security Patch number 143317-03
File: solaris10_143317.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2010-0115.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2010-0044.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20100114_pidgin_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20100218_pidgin_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-06-22 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201206-11.nasl - Type: ACT_GATHER_INFO
2011-01-27 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_finch-6861.nasl - Type: ACT_GATHER_INFO
2011-01-27 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_finch-6856.nasl - Type: ACT_GATHER_INFO
2010-11-11 Name: The remote Fedora host is missing a security update.
File: fedora_2010-17130.nasl - Type: ACT_GATHER_INFO
2010-08-02 Name: The remote Fedora host is missing a security update.
File: fedora_2010-11315.nasl - Type: ACT_GATHER_INFO
2010-07-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2010-002.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-1383.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-1934.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-8523.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-8524.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-1279.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0429.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-0368.nasl - Type: ACT_GATHER_INFO
2010-04-29 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2010-085.nasl - Type: ACT_GATHER_INFO
2010-04-21 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_a2c4d3d54c7b11df83fb0015587e2cc1.nasl - Type: ACT_GATHER_INFO
2010-03-11 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2010-069-01.nasl - Type: ACT_GATHER_INFO
2010-03-04 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_finch-100219.nasl - Type: ACT_GATHER_INFO
2010-03-04 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_finch-100219.nasl - Type: ACT_GATHER_INFO
2010-03-04 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_finch-100219.nasl - Type: ACT_GATHER_INFO