Detections
Analytics
Mandriva Linux Security Advisory : pidgin (MDVSA-2008:143)
medium Nessus Plugin ID 37612
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
An integer overflow flaw was found in Pidgin's MSN protocol handler that could allow for the execution of arbitrary code if a user received a malicious MSN message (CVE-2008-2927).In addition, this update provides the ability to use ICQ networks again on Mandriva Linux 2008.0, as in MDVA-2008:103 (updated pidgin for 2008.1).
The updated packages have been patched to correct this issue.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 37612
File Name: mandriva_MDVSA-2008-143.nasl
Version: 1.15
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:finch, p-cpe:/a:mandriva:linux:lib64finch0, p-cpe:/a:mandriva:linux:lib64purple-devel, p-cpe:/a:mandriva:linux:lib64purple0, p-cpe:/a:mandriva:linux:libfinch0, p-cpe:/a:mandriva:linux:libpurple-devel, p-cpe:/a:mandriva:linux:libpurple0, p-cpe:/a:mandriva:linux:pidgin, p-cpe:/a:mandriva:linux:pidgin-bonjour, p-cpe:/a:mandriva:linux:pidgin-client, p-cpe:/a:mandriva:linux:pidgin-facebook, p-cpe:/a:mandriva:linux:pidgin-gevolution, p-cpe:/a:mandriva:linux:pidgin-i18n, p-cpe:/a:mandriva:linux:pidgin-meanwhile, p-cpe:/a:mandriva:linux:pidgin-mono, p-cpe:/a:mandriva:linux:pidgin-perl, p-cpe:/a:mandriva:linux:pidgin-silc, p-cpe:/a:mandriva:linux:pidgin-tcl, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 7/10/2008
Reference Information
CVE: CVE-2008-2927
CWE: 189
MDVSA: 2008:143