The msn_slplink_process_msg function in
libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin
(formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) by sending multiple
crafted SLP (aka MSNSLP) messages to trigger an overwrite of an
arbitrary memory location. NOTE: this issue reportedly exists because
of an incomplete fix for CVE-2009-1376.
MITRE's CVE-2009-2694 record: ------- ------- ------- -
-------
The msn_slplink_ process_ msg function in protocols/ msn/slplink. c in libpurple, as used in Pidgin
libpurple/
(formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) by sending multiple
crafted SLP (aka MSNSLP) messages to trigger an overwrite of an
arbitrary memory location. NOTE: this issue reportedly exists because
of an incomplete fix for CVE-2009-1376.
References: www.coresecurit y.com/content/ libpurple- arbitrary- write developer. pidgin. im/viewmtn/ revision/ info/6f7343166c 673bf0496ecb1af ec9b633c1d54a0e developer. pidgin. im/wiki/ ChangeLog www.pidgin. im/news/ security/ ?id=34 secunia. com/advisories/ 36384 secunia. com/advisories/ 36392 secunia. com/advisories/ 36401 www.vupen. com/english/ advisories/ 2009/2303
-----------
http://
http://
http://
http://
http://
http://
http://
http://