Pidgin < 2.11.0 Multiple Vulnerabilities

high Nessus Plugin ID 91784

Synopsis

An instant messaging client installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Pidgin installed on the remote Windows host is prior to 2.11.0. It is, therefore, affected by multiple vulnerabilities:

- A NULL pointer dereference flaw exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT data, to cause a denial of service. (CVE-2016-2365)

- Multiple out-of-bounds read errors exist when handling the MXIT protocol. A remote attacker can exploit these, via crafted MXIT data, to cause a denial of service. (CVE-2016-2366, CVE-2016-2370)

- An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, via an invalid size for an avatar, to disclose memory contents or cause a denial of service. (CVE-2016-2367)

- Multiple memory corruption issues exist when handling the MXIT protocol. A remote attacker can exploit these, via crafted MXIT data, to disclose memory contents or execute arbitrary code. (CVE-2016-2368)

- A NULL pointer dereference flaw exists when handling the MXIT protocol. A remote attacker can exploit this, via a crafted MXIT packet starting with a NULL byte, to cause a denial of service. (CVE-2016-2369)

- An out-of-bounds write error exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT data, to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2371)

- An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, via an invalid size for a file transfer, to disclose memory contents or cause a denial of service. (CVE-2016-2372)

- An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, by sending an invalid mood, to cause a denial of service. (CVE-2016-2373)

- An out-of-bounds write error exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT MultiMX messages, to disclose memory contents or execute arbitrary code. (CVE-2016-2374)

- An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT contact information, to disclose memory contents. (CVE-2016-2375)

- A buffer overflow condition exists when handling the MXIT protocol. A remote attacker can exploit this, via a crafted packet having an invalid size, to execute arbitrary code. (CVE-2016-2376)

- An out-of-bounds write error exists when handling the MXIT protocol. A remote attacker can exploit this, via a negative content-length response to an HTTP request, to cause a denial of service. (CVE-2016-2377)

- A buffer overflow condition exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted data using negative length values, to cause a denial of service. (CVE-2016-2378)

- A flaw exists in MXIT due to using weak cryptography when encrypting a user password. A man-in-the-middle attacker able to access login messages can exploit this to impersonate the user. (CVE-2016-2379)

- An out-of-bounds read error exists when handling the MXIT protocol. A remote attacker can exploit this, via a crafted local message, to disclose memory contents. (CVE-2016-2380)

- A directory traversal flaw exists when handling the MXIT protocol. A remote attacker can exploit this, via crafted MXIT data using an invalid file name for a splash image, to overwrite files. (CVE-2016-4323)

- An unspecified vulnerability exists due to X.509 certificates not being properly imported when using GnuTLS. No other details are available.

Solution

Upgrade to Pidgin version 2.11.0 or later.

See Also

http://www.pidgin.im/news/security/?id=91

http://www.pidgin.im/news/security/?id=92

http://www.pidgin.im/news/security/?id=93

http://www.pidgin.im/news/security/?id=94

http://www.pidgin.im/news/security/?id=95

http://www.pidgin.im/news/security/?id=96

http://www.pidgin.im/news/security/?id=97

http://www.pidgin.im/news/security/?id=98

http://www.pidgin.im/news/security/?id=99

http://www.pidgin.im/news/security/?id=100

http://www.pidgin.im/news/security/?id=101

http://www.pidgin.im/news/security/?id=102

http://www.pidgin.im/news/security/?id=103

http://www.pidgin.im/news/security/?id=104

http://www.pidgin.im/news/security/?id=105

http://www.pidgin.im/news/security/?id=106

http://www.pidgin.im/news/security/?id=107

http://www.pidgin.im/news/security/?id=108

Plugin Details

Severity: High

ID: 91784

File Name: pidgin_2_11_0.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 6/23/2016

Updated: 11/14/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-2368

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:pidgin:pidgin

Required KB Items: SMB/Pidgin/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/21/2016

Vulnerability Publication Date: 6/21/2016

Reference Information

CVE: CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2379, CVE-2016-2380, CVE-2016-4323