pidgin: CVE-2009-2694 Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability

Related Vulnerabilities: CVE-2009-2694  

Debian Bug report logs - #542486

Package: pidgin; Maintainer for pidgin is Ari Pollak <ari@debian.org>; Source for pidgin is src:pidgin.

Reported by: Josue Abarca <jmaslibre@debian.org.gt>

Date: Wed, 19 Aug 2009 21:21:02 UTC

Severity: normal

Tags: security

Found in version pidgin/2.4.3-4lenny2

Fixed in versions 2.4.3-4lenny3, 2.5.9-1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Ari Pollak <ari@debian.org>:
Bug#542486; Package pidgin. (Wed, 19 Aug 2009 21:21:06 GMT)


Acknowledgement sent to Josue Abarca <jmaslibre@debian.org.gt>:
New Bug report received and forwarded. Copy sent to Ari Pollak <ari@debian.org>. (Wed, 19 Aug 2009 21:21:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Josue Abarca <jmaslibre@debian.org.gt>
To: submit@bugs.debian.org
Subject: pidgin: CVE-2009-2694 Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability
Date: Wed, 19 Aug 2009 15:22:26 -0600
Package: pidgin
Version: 2.4.3-4lenny2
Severity: normal
Tags: security


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pidgin.


CVE-2009-2694[0]:
| A remote arbitrary-code-execution vulnerability has been found in
| Libpurple (used by Pidgin and Adium instant messaging clients, among
| others), which can be triggered by a remote attacker by sending a
| specially crafted MSNSLP packet [4] with invalid data to the client
| through the MSN server. No victim interaction is required, and the
| attacker is not required to be in the victim's buddy list (under
| default configuration).

This bug is fixed in pidgin 2.5.9 [1].


Thanks for your work.

[0] http://www.coresecurity.com/content/libpurple-arbitrary-write
[1] http://pidgin.im/news/security/?id=34





Bug Marked as fixed in versions 2.4.3-4lenny3. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 19 Aug 2009 22:54:17 GMT)


Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Wed, 19 Aug 2009 22:54:23 GMT)


Notification sent to Josue Abarca <jmaslibre@debian.org.gt>:
Bug acknowledged by developer. (Wed, 19 Aug 2009 22:54:23 GMT)


Message #12 received at 542486-done@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: Josue Abarca <jmaslibre@debian.org.gt>, 542486-done@bugs.debian.org
Subject: Re: Bug#542486: pidgin: CVE-2009-2694 Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability
Date: Thu, 20 Aug 2009 00:49:29 +0200
Version: 2.5.9-1

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 17 Sep 2009 07:39:22 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:38:10 2019; Machine Name: beach
