Mandriva Linux Security Advisory : pidgin (MDVSA-2010:001)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Security vulnerabilities have been identified and fixed in pidgin :

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and
Adium before 1.3.7 allows remote attackers to cause a denial of
service (application crash) via crafted contact-list data for (1) ICQ
and possibly (2) AIM, as demonstrated by the SIM IM client

Directory traversal vulnerability in slp.c in the MSN protocol plugin
in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers
to read arbitrary files via a .. (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a
related issue to CVE-2004-0122. NOTE: it could be argued that this is
resultant from a vulnerability in which an emoticon download request
is processed even without a preceding text/x-mms-emoticon message that
announced availability of the emoticon (CVE-2010-0013).

Packages for 2008.0 are provided for Corporate Desktop 2008.0

This update provides pidgin 2.6.5, which is not vulnerable to these

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 43853 (mandriva_MDVSA-2010-001.nasl)

Bugtraq ID: 37524

CVE ID: CVE-2009-3615
