Signature Detail
Short Name |
CHAT:MSN:PIDGIN-MSN-IO |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
CHAT |
Keywords |
Pidgin MSN MSNP2P Message Integer Overflow |
Release Date |
2010/10/08 |
Update Number |
1789 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
CHAT: Pidgin MSN MSNP2P Message Integer Overflow
This signature detects attempts to exploit a known vulnerability in Pidgin MSN MSNP2P. A successful attack can lead to a integer overflow and arbitrary remote code execution within the context of the user.
Extended Description
Pidgin is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions. Versions prior to Pidgin 2.4.3 are vulnerable.
Affected Products
- Adium 1.2.5
- Adium 1.2.6
- Adium 1.2.7
- Adium 1.3
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Gentoo Linux
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mandriva Linux Mandrake 2008.1
- Mandriva Linux Mandrake 2008.1 X86 64
- Pardus Linux 2007
- Pardus Linux 2008
- Pidgin 2.0.0
- Pidgin 2.0.2
- Pidgin 2.1.0
- Pidgin 2.2.0
- Pidgin 2.2.1
- Pidgin 2.2.2
- Pidgin 2.4.1
- Pidgin 2.4.2
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux Desktop Version 4
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux Optional Productivity Application 5 Server
- Red Hat Enterprise Linux WS 4
- Rob Flynn Gaim 0.10.0 X
- Rob Flynn Gaim 0.10.3
- Rob Flynn Gaim 0.50.0
- Rob Flynn Gaim 0.51.0
- Rob Flynn Gaim 0.52.0
- Rob Flynn Gaim 0.53.0
- Rob Flynn Gaim 0.54.0
- Rob Flynn Gaim 0.55.0
- Rob Flynn Gaim 0.56.0
- Rob Flynn Gaim 0.57.0
- Rob Flynn Gaim 0.58.0
- Rob Flynn Gaim 0.59.0
- Rob Flynn Gaim 0.59.1
- Rob Flynn Gaim 0.59.8
- Rob Flynn Gaim 0.60.0
- Rob Flynn Gaim 0.61.0
- Rob Flynn Gaim 0.62.0
- Rob Flynn Gaim 0.63.0
- Rob Flynn Gaim 0.64.0
- Rob Flynn Gaim 0.65.0
- Rob Flynn Gaim 0.66.0
- Rob Flynn Gaim 0.67.0
- Rob Flynn Gaim 0.68.0
- Rob Flynn Gaim 0.69.0
- Rob Flynn Gaim 0.70.0
- Rob Flynn Gaim 0.71.0
- Rob Flynn Gaim 0.72.0
- Rob Flynn Gaim 0.73.0
- Rob Flynn Gaim 0.74.0
- Rob Flynn Gaim 0.75.0
- Rob Flynn Gaim 0.77.0
- Rob Flynn Gaim 0.78.0
- Rob Flynn Gaim 0.82.0
- Rob Flynn Gaim 0.82.1
- Rob Flynn Gaim 1.0.0
- Rob Flynn Gaim 1.0.1
- Rob Flynn Gaim 1.0.2
- Rob Flynn Gaim 1.1.1
- Rob Flynn Gaim 1.1.2
- Rob Flynn Gaim 1.1.3
- Rob Flynn Gaim 1.1.4
- Rob Flynn Gaim 1.2.0
- Rob Flynn Gaim 1.2.1
- Rob Flynn Gaim 1.3.0 .0
- Rob Flynn Gaim 1.3.1
- rPath rPath Linux 1
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 7.10 Amd64
- Ubuntu Ubuntu Linux 7.10 I386
- Ubuntu Ubuntu Linux 7.10 Lpia
- Ubuntu Ubuntu Linux 7.10 Powerpc
- Ubuntu Ubuntu Linux 7.10 Sparc
- Ubuntu Ubuntu Linux 8.04 LTS Amd64
- Ubuntu Ubuntu Linux 8.04 LTS I386
- Ubuntu Ubuntu Linux 8.04 LTS Lpia
- Ubuntu Ubuntu Linux 8.04 LTS Powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Sparc
References
- BugTraq: 29956
- CVE: CVE-2008-2927