[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1373Date: (C)2009-05-26   (M)2024-02-01


Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.1
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-35067
SECUNIA-35188
SECUNIA-35194
SECUNIA-35202
SECUNIA-35215
SECUNIA-35294
SECUNIA-35329
SECUNIA-35330
ADV-2009-1396
DSA-1805
FEDORA-2009-5552
FEDORA-2009-5583
FEDORA-2009-5597
GLSA-200905-07
MDVSA-2009:140
MDVSA-2009:173
RHSA-2009:1059
RHSA-2009:1060
USN-781-1
USN-781-2
http://www.pidgin.im/news/security/?id=29
https://bugzilla.redhat.com/show_bug.cgi?id=500488
oval:org.mitre.oval:def:17722
oval:org.mitre.oval:def:9005
pidgin-xmppsocks5-bo(50682)

CPE    20
cpe:/a:pidgin:pidgin:2.0.0
cpe:/a:pidgin:pidgin:2.1.0
cpe:/a:pidgin:pidgin:2.0.1
cpe:/a:pidgin:pidgin:2.2.0
...
CWE    1
CWE-119
OVAL    18
oval:org.secpod.oval:def:16932
oval:org.secpod.oval:def:300610
oval:org.secpod.oval:def:200629
oval:org.secpod.oval:def:101490
...

© SecPod Technologies