Pidgin < 2.7.10 Information Disclosure

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

An instant messaging client installed on the remote Windows host is
affected by an information disclosure vulnerability.

Description :

The version of Pidgin installed on the remote host is earlier than
2.7.10. Such versions are potentially affected by an information
disclosure vulnerability because the application does not properly
clear certain data structures used in 'libpurple/cipher.c' prior to
freeing. An attacker, exploiting this flaw, could potentially extract
partial information from memory regions freed by libpurple.
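
The clear-before-free pattern this description refers to, as an added example (not libpurple or Tenable code). All names are constructed, and a one-slot static pool stands in for the heap so that the bytes left behind after release can be inspected safely:

```c
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16
/* Hypothetical context holding key material (not libpurple's struct). */
typedef struct { unsigned char key[KEY_LEN]; unsigned int rounds; } demo_ctx;

/* One-slot static pool stands in for the heap, so released bytes can be
   examined without reading freed heap memory. */
static demo_ctx pool_slot;
static int pool_in_use;
static demo_ctx *pool_alloc(void) {
    if (pool_in_use) return NULL;
    pool_in_use = 1;
    return &pool_slot;
}
static void pool_free(demo_ctx *c) { if (c == &pool_slot) pool_in_use = 0; }

/* Wipe through a volatile pointer so the compiler cannot drop the stores
   as dead writes ahead of the release. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

static demo_ctx *ctx_new(const unsigned char *key) {
    demo_ctx *c = pool_alloc();
    if (c) { memcpy(c->key, key, KEY_LEN); c->rounds = 10; }
    return c;
}
/* Flawed pattern: the slot is released with key bytes still in it. */
static void ctx_destroy_leaky(demo_ctx *c) { pool_free(c); }
/* Corrected pattern: clear the whole structure, then release it. */
static void ctx_destroy_wiped(demo_ctx *c) {
    if (c) { secure_wipe(c, sizeof *c); pool_free(c); }
}

/* Create a context with a constructed key, destroy it, and count the
   non-zero bytes that remain in the released slot. */
size_t leak_after(int wipe) {
    unsigned char key[KEY_LEN];
    const unsigned char *b = (const unsigned char *)&pool_slot;
    size_t i, n = 0;
    memset(key, 0xA5, sizeof key);            /* constructed sample key */
    demo_ctx *c = ctx_new(key);
    if (!c) return (size_t)-1;
    if (wipe) ctx_destroy_wiped(c); else ctx_destroy_leaky(c);
    secure_wipe(key, sizeof key);             /* local copy is sensitive too */
    for (i = 0; i < sizeof pool_slot; i++) n += (b[i] != 0);
    return n;
}
```
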

See also :

http://developer.pidgin.im/wiki/ChangeLog
http://www.pidgin.im/news/security/?id=50

Solution :

Upgrade to Pidgin 2.7.10 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 52042

Bugtraq ID: 46307

CVE ID: CVE-2011-4922
