10

CVE-2009-2694

Exploit
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdiumAdium Version <= 1.3.5
AdiumAdium Version1.2.7
AdiumAdium Version1.3
AdiumAdium Version1.3.1
AdiumAdium Version1.3.2
AdiumAdium Version1.3.3
AdiumAdium Version1.3.4
PidginPidgin Version <= 2.5.8
PidginPidgin Version2.0.0
PidginPidgin Version2.0.1
PidginPidgin Version2.0.2
PidginPidgin Version2.1.0
PidginPidgin Version2.1.1
PidginPidgin Version2.2.0
PidginPidgin Version2.2.1
PidginPidgin Version2.2.2
PidginPidgin Version2.3.0
PidginPidgin Version2.3.1
PidginPidgin Version2.4.0
PidginPidgin Version2.4.1
PidginPidgin Version2.4.2
PidginPidgin Version2.4.3
PidginPidgin Version2.5.0
PidginPidgin Version2.5.1
PidginPidgin Version2.5.2
PidginPidgin Version2.5.3
PidginPidgin Version2.5.4
PidginPidgin Version2.5.6
PidginPidgin Version2.5.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.3% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/37071
http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e
Patch
http://developer.pidgin.im/wiki/ChangeLog
http://secunia.com/advisories/36384
Vendor Advisory
http://secunia.com/advisories/36392
Vendor Advisory
http://secunia.com/advisories/36401
Vendor Advisory
http://secunia.com/advisories/36402
http://secunia.com/advisories/36708
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
http://www.coresecurity.com/content/libpurple-arbitrary-write
Exploit
http://www.debian.org/security/2009/dsa-1870
Patch
http://www.exploit-db.com/exploits/9615
http://www.pidgin.im/news/security/?id=34
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2303
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2663
https://bugzilla.redhat.com/show_bug.cgi?id=514957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320
https://rhn.redhat.com/errata/RHSA-2009-1218.html
Vendor Advisory