Executive Summary

Informations
Name MDVSA-2010:259 First vendor Publication 2010-12-23
Vendor Mandriva Last vendor Modification 2010-12-23
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Cvss Base Score 4 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A null pointer dereference due to receiving a short packet for a direct connection in the MSN code could potentially cause a denial of service.

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides pidgin 2.7.8 that has been patched to address this flaw.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:259

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18461
 
Oval ID: oval:org.mitre.oval:def:18461
Title: directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session
Description: directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4528
 Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
 Product(s): Pidgin
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 53

OpenVAS Exploits

Date Description
2010-12-28 Name : Mandriva Update for pidgin MDVSA-2010:259 (pidgin)
File : nvt/gb_mandriva_MDVSA_2010_259.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70162 Pidgin MSN Direct Connection p2pv2 Packet Handling NULL Dereference Remote DoS

Pidgin contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs when handling certain MSN direct connection (P2Pv2) packets. This allows an attacker to use specially crafted p2pv2 packets to cause the process to crash via a NULL pointer dereference error.

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_finch-110105.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_finch-110107.nasl - Type : ACT_GATHER_INFO
2011-01-10 Name : The remote Fedora host is missing a security update.
File : fedora_2010-19317.nasl - Type : ACT_GATHER_INFO
2011-01-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-19314.nasl - Type : ACT_GATHER_INFO
2010-12-26 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-259.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:41:59
  • Multiple Updates