Computer Security
[EN] securityvulns.ru no-pyccku


libpurple / Pidgin buffer overflow
updated since 01.09.2008
Published:09.06.2009
Source:
SecurityVulns ID:9250
Type:library
Threat Level:
6/10
Description:Buffer overflow on MSN SLP messages parsing.
Affected:PIDGIN : Pidgin 2.4
CVE:CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.)
 CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.)
Original documentdocumentZDI, ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (09.06.2009)
 documentZDI, ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (01.09.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod