Detections
Analytics

Pidgin < 2.10.8 Multiple Vulnerabilities

critical Nessus Plugin ID 72282

Language:

Synopsis

An instant messaging client installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Pidgin installed on the remote host is a version prior to 2.10.8. It is, therefore, potentially affected by the following vulnerabilities :

 - The bundled version of Pango has an error that can lead to an application crash when rendering fonts and attempting to display certain Unicode characters.

- Errors exist related to handling unspecified characters, incorrect character encoding, incorrect XMPP timestamps, hovering a pointer over a long URL, unspecified HTTP responses, Yahoo! P2P messages, STUN responses, and IRC arguments that could cause application crashes and denial of service conditions.
 (CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6484, CVE-2014-0020)

 - Errors exist related to handling MSN SOAP, MSN OIM, and MSN header content that could cause application crashes when NULL pointers are dereferenced.
 (CVE-2013-6482)

 - An error exists related XMPP content such that the 'from' portion of some 'iq' replies is not verified.
 (CVE-2013-6483)

 - Errors exist related to parsing chunked and Gadu-Gadu HTTP content, MXit emoticons, and SIMPLE headers that could allow buffer overflows.
 (CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490)

 - The application does not protect against links to untrusted executable content. (CVE-2013-6486)

Solution

Upgrade to Pidgin 2.10.8 or later.

See Also

https://bitbucket.org/pidgin/

http://www.pidgin.im/news/security/?id=69

http://www.pidgin.im/news/security/?id=70

http://www.pidgin.im/news/security/?id=71

http://www.pidgin.im/news/security/?id=72

http://www.pidgin.im/news/security/?id=73

http://www.pidgin.im/news/security/?id=74

http://www.pidgin.im/news/security/?id=75

http://www.pidgin.im/news/security/?id=76

http://www.pidgin.im/news/security/?id=77

http://www.pidgin.im/news/security/?id=78

http://www.pidgin.im/news/security/?id=79

http://www.pidgin.im/news/security/?id=80

http://www.pidgin.im/news/security/?id=81

http://www.pidgin.im/news/security/?id=82

http://www.pidgin.im/news/security/?id=83

http://www.pidgin.im/news/security/?id=84

http://www.pidgin.im/news/security/?id=85

Plugin Details

Severity: Critical

ID: 72282

File Name: pidgin_2_10_8.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 2/4/2014

Updated: 11/26/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-6490

Vulnerability Information

CPE: cpe:/a:pidgin:pidgin

Required KB Items: SMB/Pidgin/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/28/2014

Vulnerability Publication Date: 1/28/2014

Reference Information

CVE: CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6486, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020

BID: 65188, 65189, 65192, 65195, 65243, 65492