[CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities

Bug #245769 reported by Till Ulen on 2008-07-05
Affects Status Importance Assigned to Milestone
pidgin (Ubuntu)

Bug Description

Binary package hint: pidgin

CVE-2008-2955 description:

"Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function."


CVE-2008-2956 description:

"Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents."


CVE-2008-2957 description:

"The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL."


Till Ulen (tillulen) wrote :

Adding CVE links: CVE-2008-2955, CVE-2008-2956, CVE-2008-2957

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pidgin - 1:2.2.1-1ubuntu4.3

pidgin (1:2.2.1-1ubuntu4.3) gutsy-security; urgency=low

  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/99_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c by checking
      against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/99_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

 -- Marc Deslauriers <email address hidden> Thu, 20 Nov 2008 15:54:34 -0500

Changed in pidgin:
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers