This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
CVE-2010-0277 pidgin MSN protocol plugin memory corruption
CVE-2010-0420 pidgin: Finch XMPP MUC Crash
CVE-2010-0423 pidgin: Smiley Denial of Service
An input sanitization flaw was found in the way Pidgin's MSN protocol
implementation handled MSNSLP invitations. A remote attacker could
send a specially crafted INVITE request that would cause a denial of
service (memory corruption and Pidgin crash). (CVE-2010-0277)
A denial of service flaw was found in Finch's XMPP chat
implementation, when using multi-user chat. If a Finch user in a
multi-user chat session were to change their nickname to contain the
HTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)
A denial of service flaw was found in the way Pidgin processed
emoticon images. A remote attacker could flood the victim with
emoticon images during mutual communication, leading to excessive CPU
Pidgin must be restarted for this update to take effect.
Update the affected packages.
Risk factor: Medium / CVSS Base Score: 5.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60738
CVE ID: CVE-2010-0277, CVE-2010-0420, CVE-2010-0423