FreeBSD : pidgin -- MSN overflow parsing SLP messages (59e7af2d-8db7-11de-883b-001e3300a30d)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Secunia reports :

A vulnerability has been reported in Pidgin, which can be exploited by
malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error in the
'msn_slplink_process_msg()' function when processing MSN SLP messages
and can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 2.5.8 and prior. Other
versions may also be affected.

See also :

http://www.pidgin.im/news/security/?id=34
http://www.nessus.org/u?a532ac3d

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 40691 (freebsd_pkg_59e7af2d8db711de883b001e3300a30d.nasl)

Bugtraq ID:

CVE ID: CVE-2009-2694
