msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.

The remote Solaris system is missing necessary patches to address security updates :

  - proxy.c in libpurple in Pidgin before 2.10.4 does not     properly handle canceled SOCKS5 connection attempts,     which allows user-assisted remote authenticated users to     cause a denial of service (application crash) via a     sequence of XMPP file-transfer requests. (CVE-2012-2214)

  - msg.c in the MSN protocol plugin in libpurple in Pidgin     before 2.10.4 does not properly handle crafted     characters, which allows remote servers to cause a     denial of service (application crash) by placing these     characters in a text/ plain message. (CVE-2012-2318)

Changes in pidgin :

  - bnc#761155, CVE-2012-2318, remote crash via specially     crafted MSN notification message

From Red Hat Security Advisory 2012:1102 :

Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN message.
(CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in.
A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially crafted emoticon tags.
(CVE-2012-3374)

Red Hat would like to thank the Pidgin project for reporting the CVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the original reporter of CVE-2012-3374.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

Various remote triggerable crashes in pidgin have been fixed :

  - In some situations the MSN server sends text that isn't     UTF-8 encoded, and Pidgin fails to verify the text's     encoding. In some cases this can lead to a crash when     attempting to display the text (). (CVE-2012-1178)

  - Incoming messages with certain characters or character     encodings can cause clients to crash. (CVE-2012-1178 /     CVE-2012-2318)

  - A series of specially crafted file transfer requests can     cause clients to reference invalid memory. The user must     have accepted one of the file transfer requests.
    (CVE-2012-2214)

Multiple vulnerabilities has been discovered and corrected in pidgin :

A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests (CVE-2012-2214).

Incoming messages with certain characters or character encodings can cause clients to crash (CVE-2012-2318).

This update provides pidgin 2.10.4, which is not vulnerable to these issues.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN message.
(CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in.
A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially crafted emoticon tags.
(CVE-2012-3374)

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1102 advisory.

  - pidgin: Client abort in the MSN protocol plug-in by attempt to display certain, not UTF-8 encoded text     (CVE-2012-1178)

  - pidgin: Improper validation of incoming plaintext messages in MSN protocol plug-in (CVE-2012-2318)

  - pidgin: Stack-based buffer overwrite in MXit protocol libPurple plug-in (CVE-2012-3374)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN message.
(CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in.
A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially crafted emoticon tags.
(CVE-2012-3374)

Red Hat would like to thank the Pidgin project for reporting the CVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the original reporter of CVE-2012-3374.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4601)

Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4602)

Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4603)

Julia Lawall discovered that Pidgin incorrectly cleared memory contents used in cryptographic operations. An attacker could exploit this to read the memory contents, leading to an information disclosure. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-4922)

Clemens Huebner and Kevin Stange discovered that Pidgin incorrectly handled nickname changes inside chat rooms in the XMPP protocol handler. A remote attacker could exploit this by changing nicknames, leading to a denial of service. This issue only affected Ubuntu 11.10.
(CVE-2011-4939)

Thijs Alkemade discovered that Pidgin incorrectly handled off-line instant messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2012-1178)

Jose Valentin Gutierrez discovered that Pidgin incorrectly handled SOCKS5 proxy connections during file transfer requests in the XMPP protocol handler. A remote attacker could send a specially crafted request and cause Pidgin to crash, leading to a denial of service.
This issue only affected Ubuntu 12.04 LTS and 11.10. (CVE-2012-2214)

Fabian Yamaguchi discovered that Pidgin incorrectly handled malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2012-2318)

Ulf Harnhammar discovered that Pidgin incorrectly handled messages with in-line images in the MXit protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2012-3374).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Fix for CVE-2012-2214 and CVE-2012-2318.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Pidgin installed on the remote host is earlier than 2.10.4 and is, therefore, potentially affected by the following issues :

  - An error exists in the file 'libpurple/proxy.c' that     can allow certain file transfer requests to an invalid     pointer to be dereferenced, leading to application     crashes. (CVE-2012-2214)

  - An error exists in the function     'msn_message_parse_payload' in the file     'libpurple/protocols/msn/msg.c' that can allow certain     characters or character encodings to crash the     application. (CVE-2012-2318)

ID	Name	Product	Family	Severity
80738	Oracle Solaris Third-Party Patch Update : pidgin (multiple_vulnerabilities_in_pidgin)	Nessus	Solaris Local Security Checks	medium
74679	openSUSE Security Update : pidgin (openSUSE-SU-2012:0866-1)	Nessus	SuSE Local Security Checks	medium
68584	Oracle Linux 6 : pidgin (ELSA-2012-1102)	Nessus	Oracle Linux Local Security Checks	high
64129	SuSE 11.1 Security Update : finch, libpurple and pidgin (SAT Patch Number 6294)	Nessus	SuSE Local Security Checks	medium
64128	SuSE 11.1 Security Update : finch, libpurple and pidgin (SAT Patch Number 6294)	Nessus	SuSE Local Security Checks	medium
61954	Mandriva Linux Security Advisory : pidgin (MDVSA-2012:082)	Nessus	Mandriva Local Security Checks	medium
61370	Scientific Linux Security Update : pidgin on SL5.x, SL6.x i386/x86_64 (20120719)	Nessus	Scientific Linux Local Security Checks	high
60076	RHEL 5 / 6 : pidgin (RHSA-2012:1102)	Nessus	Red Hat Local Security Checks	high
60067	CentOS 5 / 6 : pidgin (CESA-2012:1102)	Nessus	CentOS Local Security Checks	high
59903	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : pidgin vulnerabilities (USN-1500-1)	Nessus	Ubuntu Local Security Checks	high
59682	SuSE 10 Security Update : finch, libpurple, and pidgin (ZYPP Patch Number 8131)	Nessus	SuSE Local Security Checks	medium
59435	Fedora 16 : pidgin-2.10.4-1.fc16 (2012-8686)	Nessus	Fedora Local Security Checks	medium
59433	Fedora 15 : pidgin-2.10.4-1.fc15 (2012-8669)	Nessus	Fedora Local Security Checks	medium
59353	Fedora 17 : pidgin-2.10.4-1.fc17 (2012-8687)	Nessus	Fedora Local Security Checks	medium
59317	Pidgin < 2.10.4 Multiple DoS Vulnerabilities	Nessus	Windows	medium

Detections

Analytics

CVE-2012-2318

high

Tenable Plugins

medium

medium

high

medium

medium

medium

high

high

high

high

medium

medium

medium

medium

medium