Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.

The remote Solaris system is missing necessary patches to address security updates :

  - Buffer overflow in markup.c in the MXit protocol plugin     in libpurple in Pidgin before 2.10.5 allows remote     attackers to execute arbitrary code via a crafted inline     image in a message. (CVE-2012-3374)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1102 advisory.

    - Add patch for CVE-2011-2485 (RH bug #837561).
    - Add patch for CVE-2012-1178 (RH bug #837560).
    - Add patch for CVE-2012-2318 (RH bug #837560).
    - Add patch for CVE-2012-3374 (RH bug #837560).
    - Add patch for CVE-2011-4602 (RH bug #766453).

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update of pidgin fixes a stack-based buffer overflow in the MXit protocol which could have potentially been exploited by remote attackers to execute arbitrary code in the context of the user running pidgin. (CVE-2012-3374)

The remote host is affected by the vulnerability described in GLSA-201209-17 (Pidgin: Arbitrary code execution)

    A stack-based buffer overflow vulnerability has been found in the MXit       protocol plug-in for libpurple.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the Pidgin process, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

A vulnerability has been discovered and corrected in pidgin :

Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code (CVE-2012-3374).

This update provides pidgin 2.10.6, which is not vulnerable to this issue.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN message.
(CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in.
A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially crafted emoticon tags.
(CVE-2012-3374)

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1102 advisory.

  - pidgin: Client abort in the MSN protocol plug-in by attempt to display certain, not UTF-8 encoded text     (CVE-2012-1178)

  - pidgin: Improper validation of incoming plaintext messages in MSN protocol plug-in (CVE-2012-2318)

  - pidgin: Stack-based buffer overwrite in MXit protocol libPurple plug-in (CVE-2012-3374)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN message.
(CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in.
A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially crafted emoticon tags.
(CVE-2012-3374)

Red Hat would like to thank the Pidgin project for reporting the CVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the original reporter of CVE-2012-3374.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

New release 2.10.5

Full Upstream ChangeLog :

http://developer.pidgin.im/wiki/ChangeLog

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

The version of Pidgin installed on the remote host is earlier than 2.10.5.  As such, it is potentially affected by a stack-based buffer overflow vulnerability. 

An error in the function 'mxit_show_message' in the file 'libpurple/protocols/mxit/markup.c' can allow a stack-based buffer overflow to occur when parsing a received message containing inline images.  This can result in application crashes and potentially arbitrary code execution.

Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4601)

Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4602)

Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4603)

Julia Lawall discovered that Pidgin incorrectly cleared memory contents used in cryptographic operations. An attacker could exploit this to read the memory contents, leading to an information disclosure. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-4922)

Clemens Huebner and Kevin Stange discovered that Pidgin incorrectly handled nickname changes inside chat rooms in the XMPP protocol handler. A remote attacker could exploit this by changing nicknames, leading to a denial of service. This issue only affected Ubuntu 11.10.
(CVE-2011-4939)

Thijs Alkemade discovered that Pidgin incorrectly handled off-line instant messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2012-1178)

Jose Valentin Gutierrez discovered that Pidgin incorrectly handled SOCKS5 proxy connections during file transfer requests in the XMPP protocol handler. A remote attacker could send a specially crafted request and cause Pidgin to crash, leading to a denial of service.
This issue only affected Ubuntu 12.04 LTS and 11.10. (CVE-2012-2214)

Fabian Yamaguchi discovered that Pidgin incorrectly handled malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2012-2318)

Ulf Harnhammar discovered that Pidgin incorrectly handled messages with in-line images in the MXit protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2012-3374).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Ulf Harnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution.

ID	Name	Product	Family	Severity
80739	Oracle Solaris Third-Party Patch Update : pidgin (cve_2012_3374_buffer_overflow)	Nessus	Solaris Local Security Checks	high
68584	Oracle Linux 6 : pidgin (ELSA-2012-1102)	Nessus	Oracle Linux Local Security Checks	high
64130	SuSE 11.1 Security Update : pidgin, finch and libpurple (SAT Patch Number 6534)	Nessus	SuSE Local Security Checks	high
62359	GLSA-201209-17 : Pidgin: Arbitrary code execution	Nessus	Gentoo Local Security Checks	high
61958	Mandriva Linux Security Advisory : pidgin (MDVSA-2012:105)	Nessus	Mandriva Local Security Checks	high
61370	Scientific Linux Security Update : pidgin on SL5.x, SL6.x i386/x86_64 (20120719)	Nessus	Scientific Linux Local Security Checks	high
60076	RHEL 5 / 6 : pidgin (RHSA-2012:1102)	Nessus	Red Hat Local Security Checks	high
60067	CentOS 5 / 6 : pidgin (CESA-2012:1102)	Nessus	CentOS Local Security Checks	high
60059	SuSE 10 Security Update : pidgin, finch and libpurple (ZYPP Patch Number 8220)	Nessus	SuSE Local Security Checks	high
59976	Fedora 16 : pidgin-2.10.5-1.fc16 (2012-10294)	Nessus	Fedora Local Security Checks	high
59971	Slackware 12.2 / 13.0 / 13.1 / 13.37 / current : pidgin (SSA:2012-195-02)	Nessus	Slackware Local Security Checks	high
59969	Pidgin < 2.10.5 mxit_show_message Function RX Message Inline Image Parsing Remote Overflow	Nessus	Windows	high
59941	Fedora 17 : pidgin-2.10.5-1.fc17 (2012-10287)	Nessus	Fedora Local Security Checks	high
59903	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : pidgin vulnerabilities (USN-1500-1)	Nessus	Ubuntu Local Security Checks	high
59890	Debian DSA-2509-1 : pidgin - remote code execution	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2012-3374

critical

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high