Alert*

oval:org.secpod.oval:def:600811
intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin. This could be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine. The problem is only in pidgin-otr. Other applications which use libotr are not affected.

oval:org.secpod.oval:def:103800
This is a Pidgin plugin which implements Off-the-Record Messaging. It is known to work under the Linux and Windows versions of Pidgin.

oval:org.secpod.oval:def:103781
This is a Pidgin plugin which implements Off-the-Record Messaging. It is known to work under the Linux and Windows versions of Pidgin.

oval:org.secpod.oval:def:1000463
The remote host is missing patch 147993-10, which contains a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:1000498
The remote host is missing patch 147992-10, which contains a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:2101117
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocate a zero-length buffer when decoding a base64 string, which allows remote attackers ...

oval:org.secpod.oval:def:6386
The host is installed with the Pidgin-otr plugin before 3.2.1-1 for Pidgin and is prone to a format string vulnerability. A flaw is present in the Off-the-Record Messaging (OTR) pidgin-otr plugin, which fails to handle format string specifiers in data that generates a log message. Successful exploitation ...