Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 277450 A Security Vulnerability in Solaris Pidgin (see pidgin(1)) May Allow Remote Unprivileged Users to Access Arbitrary Files
Informations
Name SUN-277450 First vendor Publication 2010-02-19
Vendor Sun Last vendor Modification 2010-02-19
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: OpenSolaris

A vulnerability in the MSN protocol handler of libpurple(3), the sharedlibrary that adds support for various instant messaging networks to thepidgin(1) Instant Messaging client (previously known as Gaim), mayallow remote unprivileged users to retrieve arbitrary files (readableby the targeted user) on the target's computer via a custom "smiley"request.

Additional information on this issue can be found in the followingdocument:


State: Resolved
First released: 19-Feb-2010

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_277450_a_security

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-23 File System Function Injection, Content Based
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-139 Relative Path Traversal

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10333
 
Oval ID: oval:org.mitre.oval:def:10333
Title: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Description: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0013
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17620
 
Oval ID: oval:org.mitre.oval:def:17620
Title: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon
Description: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0013
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Pidgin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22173
 
Oval ID: oval:org.mitre.oval:def:22173
Title: RHSA-2010:0044: pidgin security update (Important)
Description: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Family: unix Class: patch
Reference(s): RHSA-2010:0044-01
CESA-2010:0044
CVE-2010-0013
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): pidgin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23006
 
Oval ID: oval:org.mitre.oval:def:23006
Title: ELSA-2010:0044: pidgin security update (Important)
Description: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Family: unix Class: patch
Reference(s): ELSA-2010:0044-01
CVE-2010-0013
Version: 6
Platform(s): Oracle Linux 5
Product(s): pidgin
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Os 2
Os 6
Os 2
Os 1
Os 2

ExploitDB Exploits

id Description
2010-01-19 Pidgin MSN <= 2.6.4 File Download Vulnerability

OpenVAS Exploits

Date Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-11 (Pidgin)
File : nvt/glsa_201206_11.nasl
2011-08-09 Name : CentOS Update for finch CESA-2010:0044 centos5 i386
File : nvt/gb_CESA-2010_0044_finch_centos5_i386.nasl
2010-11-16 Name : Fedora Update for pidgin FEDORA-2010-17130
File : nvt/gb_fedora_2010_17130_pidgin_fc12.nasl
2010-08-02 Name : Fedora Update for pidgin FEDORA-2010-11315
File : nvt/gb_fedora_2010_11315_pidgin_fc12.nasl
2010-05-28 Name : Fedora Update for pidgin FEDORA-2010-8524
File : nvt/gb_fedora_2010_8524_pidgin_fc12.nasl
2010-05-28 Name : Fedora Update for pidgin FEDORA-2010-8523
File : nvt/gb_fedora_2010_8523_pidgin_fc11.nasl
2010-05-04 Name : FreeBSD Ports: pidgin
File : nvt/freebsd_pidgin1.nasl
2010-04-30 Name : Mandriva Update for pidgin MDVSA-2010:085 (pidgin)
File : nvt/gb_mandriva_MDVSA_2010_085.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-0429
File : nvt/gb_fedora_2010_0429_pidgin_fc11.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-0368
File : nvt/gb_fedora_2010_0368_pidgin_fc12.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-1279
File : nvt/gb_fedora_2010_1279_pidgin_fc11.nasl
2010-03-02 Name : Fedora Update for pidgin FEDORA-2010-1383
File : nvt/gb_fedora_2010_1383_pidgin_fc12.nasl
2010-03-02 Name : Mandriva Update for dhcp MDVA-2010:085 (dhcp)
File : nvt/gb_mandriva_MDVA_2010_085.nasl
2010-01-20 Name : Ubuntu Update for pidgin vulnerabilities USN-886-1
File : nvt/gb_ubuntu_USN_886_1.nasl
2010-01-19 Name : RedHat Update for pidgin RHSA-2010:0044-01
File : nvt/gb_RHSA-2010_0044-01_pidgin.nasl
2010-01-19 Name : CentOS Update for finch CESA-2010:0044 centos4 i386
File : nvt/gb_CESA-2010_0044_finch_centos4_i386.nasl
2010-01-19 Name : CentOS Update for finch CESA-2010:0044 centos4 x86_64
File : nvt/gb_CESA-2010_0044_finch_centos4_x86_64.nasl
2010-01-16 Name : Pidgin MSN Custom Smileys File Disclosure Vulnerability (Linux)
File : nvt/gb_pidgin_msnslp_dir_trav_vuln_lin.nasl
2010-01-16 Name : Pidgin MSN Custom Smileys File Disclosure Vulnerability (Win)
File : nvt/gb_pidgin_msnslp_dir_trav_vuln_win.nasl
2010-01-15 Name : Mandriva Update for pidgin MDVSA-2010:001 (pidgin)
File : nvt/gb_mandriva_MDVSA_2010_001.nasl
2010-01-15 Name : Mandriva Update for pidgin MDVSA-2010:002 (pidgin)
File : nvt/gb_mandriva_MDVSA_2010_002.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-024-03 pidgin
File : nvt/esoft_slk_ssa_2010_024_03.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61421 Adium MSN Custom Smileys Feature Emoticon Request Traversal Arbitrary File Di...

61420 Pidgin MSN Custom Smileys Feature Emoticon Request Traversal Arbitrary File D...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0044.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100114_pidgin_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-06-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-11.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_finch-6856.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_finch-6861.nasl - Type : ACT_GATHER_INFO
2010-11-11 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17130.nasl - Type : ACT_GATHER_INFO
2010-08-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11315.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-002.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8524.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8523.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1383.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1279.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0429.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0368.nasl - Type : ACT_GATHER_INFO
2010-04-29 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-085.nasl - Type : ACT_GATHER_INFO
2010-03-04 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_finch-100219.nasl - Type : ACT_GATHER_INFO
2010-03-04 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_finch-100219.nasl - Type : ACT_GATHER_INFO
2010-03-04 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_finch-100219.nasl - Type : ACT_GATHER_INFO
2010-03-03 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_finch-100219.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-024-03.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-886-1.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0044.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0044.nasl - Type : ACT_GATHER_INFO
2010-01-12 Name : An instant messaging client installed on the remote Windows host is affected ...
File : pidgin_2_6_5.nasl - Type : ACT_GATHER_INFO
2010-01-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-001.nasl - Type : ACT_GATHER_INFO