Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2010-0013

Published: 09/01/2010 Updated: 26/01/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Adium

Vulnerability Summary

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote malicious users to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

Vulnerable Product Search on Vulmon Subscribe to Product

adium adium 1.3.8

pidgin pidgin 2.6.4

fedoraproject fedora 11

fedoraproject fedora 12

suse linux enterprise server 10

suse linux enterprise 11.0

opensuse opensuse

redhat enterprise linux 4.0

redhat enterprise linux 5.0

Vendor Advisories

Red Hat: Important: pidgin security update
Synopsis Important: pidgin security update Type/Severity Security Advisory: Important Topic Updated pidgin packages that fix a security issue are now available for RedHat Enterprise Linux 4 and 5This update has been rated as having important security impact by the RedHat Security Response Team De ...
Ubuntu Security Notice: pidgin vulnerabilities
It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service This issue only affected Ubuntu 804 LTS, Ubuntu 810 and Ubuntu 904 (CVE-2009-2703) ...
Debian CVElist Bug Report Logs: pidgin: local file disclosure vulnerability
Debian Bug report logs - #563206 pidgin: local file disclosure vulnerability Package: src:pidgin; Maintainer for src:pidgin is Ari Pollak <ari@debianorg>; Reported by: Raphael Geissert <geissert@debianorg> Date: Thu, 31 Dec 2009 23:06:02 UTC Severity: grave Tags: security Found in version pidgin/264-1 Fixed in v ...
Debian CVElist Bug Report Logs: qutecom: multiple vulnerabilities
Debian Bug report logs - #572946 qutecom: multiple vulnerabilities Package: qutecom; Maintainer for qutecom is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for qutecom is src:qutecom (PTS, buildd, popcon) Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Sun, 7 Mar 2010 19:4 ...
Debian CVElist Bug Report Logs: pidgin: CVE-2010-0277 denial-of-service
Debian Bug report logs - #566775 pidgin: CVE-2010-0277 denial-of-service Package: pidgin; Maintainer for pidgin is Ari Pollak <ari@debianorg>; Source for pidgin is src:pidgin (PTS, buildd, popcon) Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Mon, 25 Jan 2010 02:21:01 UTC Severity: important Tags ...

Exploits

Exploit DB: Pidgin MSN 2.6.4 - File Download
#!/usr/bin/env python """ Pidgin MSN <= 264 file download vulnerability 19 January 2010 Mathieu GASPARD (gaspmat@gmailcom) Description: Pidgin is a multi-protocol Instant Messenger This is an exploit for the vulnerability[1] discovered in Pidgin by Fabian Yamaguchi The issue is caused by an error in the MSN custom smiley feature ...
Exploit DB: Pidgin MSN 2.6.4 File Download
Pidgin MSN versions 264 and below file download proof of concept exploit ...

References

CWE-22https://bugzilla.redhat.com/show_bug.cgi?id=552483http://www.vupen.com/english/advisories/2009/3663http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467http://www.vupen.com/english/advisories/2009/3662http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92fhttp://events.ccc.de/congress/2009/Fahrplan/events/3596.en.htmlhttp://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.chttp://secunia.com/advisories/37954http://www.openwall.com/lists/oss-security/2010/01/07/1http://secunia.com/advisories/37953http://www.openwall.com/lists/oss-security/2010/01/07/2http://www.openwall.com/lists/oss-security/2010/01/02/1http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1http://secunia.com/advisories/38915http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.htmlhttp://secunia.com/advisories/37961http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.htmlhttp://www.vupen.com/english/advisories/2010/1020http://www.mandriva.com/security/advisories?name=MDVSA-2010:085http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333https://access.redhat.com/errata/RHSA-2010:0044https://usn.ubuntu.com/886-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/11203/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook