[CVE-2008-2927] MSN integer overflow in Pidgin
Bug #245770 reported by Till Ulen
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pidgin (Debian) | Fix Released | Unknown | |
pidgin (Fedora) | Fix Released | Medium | |
pidgin (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: pidgin
CVE-2008-2927 is a remote buffer overflow vulnerability in the MSN protocol handler. Apparently it can lead to arbitrary code execution. It's not yet in the public vulnerability databases, so please see the Debian bug for reference: <http://
Changed in pidgin:
status: Unknown → New
tags: added: patch
Changed in pidgin (Debian):
status: New → Confirmed
Changed in pidgin (Debian):
status: Confirmed → Fix Released
Changed in pidgin (Fedora):
importance: Unknown → Medium
status: Unknown → Fix Released
An integer overflow in Pidgin's MSN protocol handler could allow a malformed SLP
message to cause an integer overflow, which could result in arbitrary code
execution.
This flaw is only exploitable by individuals who can message a user, which is
controlled by the Pidgin privacy setting. The default setting is to only allow
messages from users in the buddy list.