Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
CHAT:MSN:PIDGIN-MSN-IO |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
CHAT |
Keywords |
Pidgin MSN MSNP2P Message Integer Overflow |
Release Date |
2010/10/08 |
Update Number |
1789 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
CHAT: Pidgin MSN MSNP2P Message Integer Overflow
This signature detects attempts to exploit a known vulnerability in Pidgin MSN MSNP2P. A successful attack can lead to a integer overflow and arbitrary remote code execution within the context of the user.
Extended Description
Pidgin is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions. Versions prior to Pidgin 2.4.3 are vulnerable.
Affected Products
- Adium adium 1.2.5
- Adium adium 1.2.6
- Adium adium 1.2.7
- Adium adium 1.3
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Gentoo linux
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Mandriva linux_mandrake 2008.1
- Mandriva linux_mandrake 2008.1 X86 64
- Pardus linux_2007
- Pardus linux_2008
- Pidgin pidgin 2.0.0
- Pidgin pidgin 2.0.2
- Pidgin pidgin 2.1.0
- Pidgin pidgin 2.2.0
- Pidgin pidgin 2.2.1
- Pidgin pidgin 2.2.2
- Pidgin pidgin 2.4.1
- Pidgin pidgin 2.4.2
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux Desktop Version 4
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_optional_productivity_application 5 Server
- Red_hat enterprise_linux_ws 4
- Rob_flynn gaim 0.10.0 X
- Rob_flynn gaim 0.10.3
- Rob_flynn gaim 0.50.0
- Rob_flynn gaim 0.51.0
- Rob_flynn gaim 0.52.0
- Rob_flynn gaim 0.53.0
- Rob_flynn gaim 0.54.0
- Rob_flynn gaim 0.55.0
- Rob_flynn gaim 0.56.0
- Rob_flynn gaim 0.57.0
- Rob_flynn gaim 0.58.0
- Rob_flynn gaim 0.59.0
- Rob_flynn gaim 0.59.1
- Rob_flynn gaim 0.59.8
- Rob_flynn gaim 0.60.0
- Rob_flynn gaim 0.61.0
- Rob_flynn gaim 0.62.0
- Rob_flynn gaim 0.63.0
- Rob_flynn gaim 0.64.0
- Rob_flynn gaim 0.65.0
- Rob_flynn gaim 0.66.0
- Rob_flynn gaim 0.67.0
- Rob_flynn gaim 0.68.0
- Rob_flynn gaim 0.69.0
- Rob_flynn gaim 0.70.0
- Rob_flynn gaim 0.71.0
- Rob_flynn gaim 0.72.0
- Rob_flynn gaim 0.73.0
- Rob_flynn gaim 0.74.0
- Rob_flynn gaim 0.75.0
- Rob_flynn gaim 0.77.0
- Rob_flynn gaim 0.78.0
- Rob_flynn gaim 0.82.0
- Rob_flynn gaim 0.82.1
- Rob_flynn gaim 1.0.0
- Rob_flynn gaim 1.0.1
- Rob_flynn gaim 1.0.2
- Rob_flynn gaim 1.1.1
- Rob_flynn gaim 1.1.2
- Rob_flynn gaim 1.1.3
- Rob_flynn gaim 1.1.4
- Rob_flynn gaim 1.2.0
- Rob_flynn gaim 1.2.1
- Rob_flynn gaim 1.3.0 .0
- Rob_flynn gaim 1.3.1
- Rpath rpath_linux 1
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Ubuntu ubuntu_linux 6.06 LTS I386
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Ubuntu ubuntu_linux 7.10 Amd64
- Ubuntu ubuntu_linux 7.10 I386
- Ubuntu ubuntu_linux 7.10 Lpia
- Ubuntu ubuntu_linux 7.10 Powerpc
- Ubuntu ubuntu_linux 7.10 Sparc
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc
References
- BugTraq: 29956
- CVE: CVE-2008-2927