Executive Summary

Summary
Title Pidgin vulnerability
Informations
Name USN-548-1 First vendor Publication 2007-11-28
Vendor Ubuntu Last vendor Modification 2007-11-28
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10:
libpurple0 1:2.2.1-1ubuntu4.1

After a standard system upgrade you need to restart Pidgin to effect the necessary changes.

Details follow:

It was discovered that Pidgin did not correctly handle certain logging events. A remote attacker could send specially crafted messages and cause the application to crash, leading to a denial of service.

Original Source

Url : http://www.ubuntu.com/usn/USN-548-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17522
 
Oval ID: oval:org.mitre.oval:def:17522
Title: USN-548-1 -- pidgin vulnerability
Description: It was discovered that Pidgin did not correctly handle certain logging events.
Family: unix Class: patch
Reference(s): USN-548-1
CVE-2007-4999
 Version: 5
Platform(s): Ubuntu 7.10
 Product(s): pidgin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18357
 
Oval ID: oval:org.mitre.oval:def:18357
Title: libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996
Description: libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.
Family: windows Class: vulnerability
Reference(s): CVE-2007-4999
 Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
 Product(s): Pidgin
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

OpenVAS Exploits

Date Description
2009-03-23 Name : Ubuntu Update for pidgin vulnerability USN-548-1
File : nvt/gb_ubuntu_USN_548_1.nasl
2009-02-27 Name : Fedora Update for pidgin FEDORA-2007-2714
File : nvt/gb_fedora_2007_2714_pidgin_fc7.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
38695 Pidgin libpurple HTML Logging Malformed Data Remote DoS

Nessus® Vulnerability Scanner

Date Description
2007-11-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-548-1.nasl - Type : ACT_GATHER_INFO
2007-11-14 Name : The remote openSUSE host is missing a security update.
File : suse_libpurple-4671.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2714.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:04:47
  • Multiple Updates