Pidgin < 2.11.0 Multiple Vulnerabilities

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

An instant messaging client installed on the remote host is affected
by multiple vulnerabilities.

Description :

The version of Pidgin installed on the remote Windows host is prior to
2.11.0. It is, therefore, affected by multiple vulnerabilities :

- A NULL pointer dereference flaw exists when handling the
MXIT protocol. A remote attacker can exploit this, via
crafted MXIT data, to cause a denial of service.
(CVE-2016-2365)

- Multiple out-of-bounds read errors exist when handling
the MXIT protocol. A remote attacker can exploit these,
via crafted MXIT data, to cause a denial of service.
(CVE-2016-2366, CVE-2016-2370)

- An out-of-bounds read error exists when handling the
MXIT protocol. A remote attacker can exploit this, via
an invalid size for an avatar, to disclose memory
contents or cause a denial of service. (CVE-2016-2367)

- Multiple memory corruption issues exist when handling
the MXIT protocol. A remote attacker can exploit these,
via crafted MXIT data, to disclose memory contents or
execute arbitrary code. (CVE-2016-2368)

- A NULL pointer dereference flaw exists when handling the
MXIT protocol. A remote attacker can exploit this, via
a crafted MXIT packet starting with a NULL byte, to cause
a denial of service. (CVE-2016-2369)

- An out-of-bounds write error exists when handling the
MXIT protocol. A remote attacker can exploit this, via
crafted MXIT data, to corrupt memory, resulting in the
execution of arbitrary code. (CVE-2016-2371)

- An out-of-bounds read error exists when handling the
MXIT protocol. A remote attacker can exploit this, via
an invalid size for a file transfer, to disclose memory
contents or cause a denial of service. (CVE-2016-2372)

- An out-of-bounds read error exists when handling the
MXIT protocol. A remote attacker can exploit this, by
sending an invalid mood, to cause a denial of service.
(CVE-2016-2373)

- An out-of-bounds write error exists when handling the
MXIT protocol. A remote attacker can exploit this, via
crafted MXIT MultiMX messages, to disclose memory
contents or execute arbitrary code. (CVE-2016-2374)

- An out-of-bounds read error exists when handling the
MXIT protocol. A remote attacker can exploit this, via
crafted MXIT contact information, to disclose memory
contents. (CVE-2016-2375)

- A buffer overflow condition exists when handling the
MXIT protocol. A remote attacker can exploit this, via
a crafted packet having an invalid size, to execute
arbitrary code. (CVE-2016-2376)

- An out-of-bounds write error exists when handling the
MXIT protocol. A remote attacker can exploit this, via
a negative content-length response to an HTTP request,
to cause a denial of service. (CVE-2016-2377)

- A buffer overflow condition exists when handling the
MXIT protocol. A remote attacker can exploit this, via
crafted data using negative length values, to cause a
denial of service. (CVE-2016-2378)

- A flaw exists in MXIT due to using weak cryptography
when encrypting a user password. A man-in-the-middle
attacker able to access login messages can exploit this
to impersonate the user. (CVE-2016-2379)

- An out-of-bounds read error exists when handling the
MXIT protocol. A remote attacker can exploit this, via
a crafted local message, to disclose memory contents.
(CVE-2016-2380)

- A directory traversal flaw exists when handling the
MXIT protocol. A remote attacker can exploit this, via
crafted MXIT data using an invalid file name for a
splash image, to overwrite files. (CVE-2016-4323)

- An unspecified vulnerability exists due to X.509
certificates not being properly imported when using
GnuTLS. No other details are available.
(VulnDB 140411)

See also :

http://www.pidgin.im/news/security/?id=91
http://www.pidgin.im/news/security/?id=92
http://www.pidgin.im/news/security/?id=93
http://www.pidgin.im/news/security/?id=94
http://www.pidgin.im/news/security/?id=95
http://www.pidgin.im/news/security/?id=96
http://www.pidgin.im/news/security/?id=97
http://www.pidgin.im/news/security/?id=98
http://www.pidgin.im/news/security/?id=99
http://www.pidgin.im/news/security/?id=100
http://www.pidgin.im/news/security/?id=101
http://www.pidgin.im/news/security/?id=102
http://www.pidgin.im/news/security/?id=103
http://www.pidgin.im/news/security/?id=104
http://www.pidgin.im/news/security/?id=105
http://www.pidgin.im/news/security/?id=106
http://www.pidgin.im/news/security/?id=107
http://www.pidgin.im/news/security/?id=108

Solution :

Upgrade to Pidgin version 2.11.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false