Detections
Analytics
Debian DSA-2038-1 : pidgin - several vulnerabilities
medium Nessus Plugin ID 45560
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2010-0420 Crafted nicknames in the XMPP protocol can crash Pidgin remotely.
- CVE-2010-0423 Remote contacts may send too many custom smilies, crashing Pidgin.
Since a few months, Microsoft's servers for MSN have changed the protocol, making Pidgin non-functional for use with MSN. It is not feasible to port these changes to the version of Pidgin in Debian Lenny. This update formalises that situation by disabling the protocol in the client. Users of the MSN protocol are advised to use the version of Pidgin in the repositories of www.backports.org.
Solution
Upgrade the pidgin package.For the stable distribution (lenny), these problems have been fixed in version 2.4.3-4lenny6.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566775
https://security-tracker.debian.org/tracker/CVE-2010-0420
Plugin Details
Severity: Medium
ID: 45560
File Name: debian_DSA-2038.nasl
Version: 1.13
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 4/19/2010
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:pidgin, cpe:/o:debian:debian_linux:5.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 4/18/2010
Reference Information
CVE: CVE-2010-0420, CVE-2010-0423
BID: 38294