CVE-2009-1376
Published 2009-05-26
Priority: P355, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 13.29% (95.9th percentile)
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adium | adium | <= 1.3.5 | — |
| adium | adium | — | — |
| debian | pidgin | < pidgin 2.5.9-1 (bookworm) | pidgin 2.5.9-1 (bookworm) |
| debian | pidgin | < pidgin 2.5.6-1 (bookworm) | pidgin 2.5.6-1 (bookworm) |
| pidgin | pidgin | <= 2.5.8 | — |
| pidgin | pidgin | <= 2.5.5 | — |
| pidgin | pidgin | — | — |
CVSS provenance
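| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | MEDIUM | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |
| vendor_ubuntu | — | 7.1 | HIGH | — |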
GHSA
GHSA-p33h-j5pj-5f6r: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2009-1376 [MEDIUM] GHSA-p33h-j5pj-5f6r: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
GHSA
GHSA-gg6v-c4q4-582f: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-2694 [CRITICAL] GHSA-gg6v-c4q4-582f: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
OSV
CVE-2009-2694: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink
osv·2009-08-21·CVSS 9.3
CVE-2009-2694 [CRITICAL] CVE-2009-2694: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
OSV
CVE-2009-1376: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink
osv·2009-05-26·CVSS 6.8
CVE-2009-1376 [MEDIUM] CVE-2009-1376: Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
Ubuntu
Pidgin vulnerabilities
vendor_ubuntu·2010-01-18·CVSS 5.0
CVE-2008-2955 [MEDIUM] Pidgin vulnerabilities
It was discovered that Pidgin did not properly handle certain topic
messages in the IRC protocol handler. If a user were tricked into
connecting to a malicious IRC server, an attacker could cause Pidgin to
crash, leading to a denial of service. This issue only affected Ubuntu 8.04
LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703)
It was discovered that Pidgin did not properly enforce the "require
TLS/SSL" setting when connecting to certain older Jabber servers. If a
remote attacker were able to perform a machine-in-the-middle attack, this flaw
could be exploited to view sensitive information. This issue only affected
Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3026)
It was discovered that Pidgin did not properly
Red Hat
pidgin: insufficient input validation in msn_slplink_process_msg()
vendor_redhat·2009-08-18·CVSS 9.3
CVE-2009-2694 [CRITICAL] CWE-228 pidgin: insufficient input validation in msn_slplink_process_msg()
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Mitigation: Users can lower the impact of this flaw by making sure their privacy settings only allow Pidgin to accept messages from the users on their buddy list. This will prevent exploitation of this flaw by other random MSN users.
Ubuntu
Pidgin vulnerabilities
vendor_ubuntu·2009-06-03·CVSS 7.1
CVE-2009-1373 [HIGH] Pidgin vulnerabilities
It was discovered that Pidgin did not properly handle certain malformed
messages when sending a file using the XMPP protocol handler. If a user
were tricked into sending a file, a remote attacker could send a specially
crafted response and cause Pidgin to crash, or possibly execute arbitrary
code with user privileges. (CVE-2009-1373)
It was discovered that Pidgin did not properly handle certain malformed
messages in the QQ protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash. This issue only
affected Ubuntu 8.10 and 9.04. (CVE-2009-1374)
It was discovered that Pidgin did not properly handle certain malformed
messages in the XMPP and Sametime protocol handlers. A remote attacker
Ubuntu
Gaim vulnerabilities
vendor_ubuntu·2009-06-03·CVSS 7.1
CVE-2009-1373 [HIGH] Gaim vulnerabilities
It was discovered that Gaim did not properly handle certain malformed
messages when sending a file using the XMPP protocol handler. If a user
were tricked into sending a file, a remote attacker could send a specially
crafted response and cause Gaim to crash, or possibly execute arbitrary
code with user privileges. (CVE-2009-1373)
It was discovered that Gaim did not properly handle certain malformed
messages in the MSN protocol handler. A remote attacker could send a
specially crafted message and possibly execute arbitrary code with user
privileges. (CVE-2009-1376)
Instructions: After a standard system upgrade you need to restart Gaim to effect
the necessary changes.
Red Hat
pidgin incomplete fix for CVE-2008-2927
vendor_redhat·2009-05-02·CVSS 6.8
CVE-2009-1376 [MEDIUM] pidgin incomplete fix for CVE-2008-2927
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
Debian
CVE-2009-2694: pidgin - The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in lib...
vendor_debian·2009·CVSS 9.3
CVE-2009-2694 [CRITICAL] CVE-2009-2694: pidgin - The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in lib...
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Scope: local
bookworm: resolved (fixed in 2.5.9-1)
bullseye: resolved (fixed in 2.5.9-1)
forky: resolved (fixed in 2.5.9-1)
sid: resolved (fixed in 2.5.9-1)
trixie: resolved (fixed in 2.5.9-1)
Debian
CVE-2009-1376: pidgin - Multiple integer overflows in the msn_slplink_process_msg functions in the MSN p...
vendor_debian·2009·CVSS 6.8
CVE-2009-1376 [MEDIUM] CVE-2009-1376: pidgin - Multiple integer overflows in the msn_slplink_process_msg functions in the MSN p...
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
Scope: local
bookworm: resolved (fixed in 2.5.6-1)
bullseye: resolved (fixed in 2.5.6-1)
forky: resolved (fixed in 2.5.6-1)
sid: resolved (fixed in 2.5.6-1)
trixie: resolved (fixed in 2.5.6-1)
Bugzilla
CVE-2009-2694 pidgin: insufficient input validation in msn_slplink_process_msg()
bugzilla·2009-07-31·CVSS 6.8
CVE-2009-2694 [MEDIUM] CVE-2009-2694 pidgin: insufficient input validation in msn_slplink_process_msg()
Core Security Technologies reported that previous upstream fixes addressing insufficient input validation flaw in pidgin / libpurple in function msn_slplink_process_msg() are inefficient and can be bypassed. This flaw allows an attacker to overwrite pidgin's memory and possibly execute arbitrary code with the privileges of the user running application using libpurple.
This issue was previously tracked as CVE-2008-2927 (bug #453764) and CVE-2009-1376 (bug #500493, incomplete fix).
Discussion:
Mitigation:
Users can lower the impact of this flaw by making sure their privacy settings only allow Pidgin to accept messages from the users on their buddy list. This will prevent exploitation of this flaw by other r
Bugzilla
CVE-2009-1376 CVE-2009-1373 CVE-2009-1374 CVE-2009-1375 Multiple pidgin vulnerabilities
bugzilla·2009-05-26·CVSS 6.8
CVE-2009-1376 [MEDIUM] CVE-2009-1376 CVE-2009-1373 CVE-2009-1374 CVE-2009-1375 Multiple pidgin vulnerabilities
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in all affected branches.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.
bug #500493: CVE-2009-1376 pidgin incomplete fix for CVE-2008-2927
bug #500488: CVE-2009-1373 pidgin file transfer buffer overflow
bug #500490: CVE-2009-1374 pidgin DoS when decrypting qq packets
bug #500491: CVE-2009-1375 pidgin PurpleCircBuffer corruption
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE
Bugzilla
CVE-2009-1376 pidgin incomplete fix for CVE-2008-2927
bugzilla·2009-05-12·CVSS 6.8
CVE-2009-1376 [MEDIUM] CVE-2009-1376 pidgin incomplete fix for CVE-2008-2927
The integer overflow fix for CVE-2008-2927 was incomplete on 32 bit
platforms. If a Pidgin user can receive a specially crafted MSN message,
it may be possible to execute arbitrary code with the permissions of the
user running Pidgin.
This flaw is only exploitable by individuals who can message a user, which
is controlled by the Pidgin privacy setting. The default setting is to
only allow messages from users in the buddy list.
Discussion:
Link to upstream advisory:
http://www.pidgin.im/news/security//?id=32
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Via RHSA-2009:1059 https://rhn.redhat.com/errata/RHSA-2009-1059.html
---
This issue has been addressed in following products:
Red Hat Ent