[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-1373

Date: (C)2009-05-26   (M)2017-10-04
 
CVSS Score: 7.1Access Vector: NETWORK
Exploitability Subscore: 3.9Access Complexity: HIGH
Impact Subscore: 10.0Authentication: SINGLE_INSTANCE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

Reference:
BID-35067
SECUNIA-35188
SECUNIA-35194
SECUNIA-35202
SECUNIA-35215
SECUNIA-35294
SECUNIA-35329
SECUNIA-35330
ADV-2009-1396
DSA-1805
FEDORA-2009-5552
FEDORA-2009-5583
FEDORA-2009-5597
GLSA-200905-07
MDVSA-2009:140
MDVSA-2009:173
RHSA-2009:1059
RHSA-2009:1060
USN-781-1
USN-781-2
http://www.pidgin.im/news/security/?id=29
https://bugzilla.redhat.com/show_bug.cgi?id=500488
pidgin-xmppsocks5-bo(50682)

CPE    20
cpe:/a:pidgin:pidgin:2.1.0
cpe:/a:pidgin:pidgin:2.2.0
cpe:/a:pidgin:pidgin:2.2.1
cpe:/a:pidgin:pidgin:2.0.0
...
CWE    1
CWE-119
OVAL    18
oval:org.secpod.oval:def:16932
oval:org.secpod.oval:def:300610
oval:org.secpod.oval:def:200629
oval:org.secpod.oval:def:101490
...

© 2013 SecPod Technologies