Published: 31/08/2009 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote malicious users to sniff sessions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pidgin pidgin 2.6.0

It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service This issue only affected Ubuntu 804 LTS, Ubuntu 810 and Ubuntu 904 (CVE-2009-2703) ...

CWE-310 http://www.openwall.com/lists/oss-security/2009/08/24/2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891 http://developer.pidgin.im/ticket/8131 http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279 http://secunia.com/advisories/37071 http://www.securityfocus.com/bid/36368 https://exchange.xforce.ibmcloud.com/vulnerabilities/53000 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070 https://usn.ubuntu.com/886-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-3026

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect