This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Security vulnerabilities has been identified and fixed in pidgin :
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and
Adium before 1.3.7 allows remote attackers to cause a denial of
service (application crash) via crafted contact-list data for (1) ICQ
and possibly (2) AIM, as demonstrated by the SIM IM client
Directory traversal vulnerability in slp.c in the MSN protocol plugin
in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers
to read arbitrary files via a .. (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a
related issue to CVE-2004-0122. NOTE: it could be argued that this is
resultant from a vulnerability in which an emoticon download request
is processed even without a preceding text/x-mms-emoticon message that
announced availability of the emoticon (CVE-2010-0013).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
This update provides pidgin 2.6.5, which is not vulnerable to these
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true