[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

111017

 
 

909

 
 

86402

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-1373Date: (C)2009-05-26   (M)2018-06-20


Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.1
Exploit Score: Exploit Score: 3.9
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: HIGH
Privileges Required: Authentication: SINGLE_INSTANCE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
BID-35067
SECUNIA-35188
SECUNIA-35194
SECUNIA-35202
SECUNIA-35215
SECUNIA-35294
SECUNIA-35329
SECUNIA-35330
ADV-2009-1396
DSA-1805
FEDORA-2009-5552
FEDORA-2009-5583
FEDORA-2009-5597
GLSA-200905-07
MDVSA-2009:140
MDVSA-2009:173
RHSA-2009:1059
RHSA-2009:1060
USN-781-1
USN-781-2
http://www.pidgin.im/news/security/?id=29
https://bugzilla.redhat.com/show_bug.cgi?id=500488
pidgin-xmppsocks5-bo(50682)

CPE    20
cpe:/a:pidgin:pidgin:2.0.0
cpe:/a:pidgin:pidgin:2.0.1
cpe:/a:pidgin:pidgin:2.1.0
cpe:/a:pidgin:pidgin:2.1.1
...
CWE    1
CWE-119
OVAL    18
oval:org.mitre.oval:def:8328
oval:org.secpod.oval:def:600288
oval:org.secpod.oval:def:700378
oval:org.secpod.oval:def:700288
...

© SecPod Technologies