CVE-2009-2694: MSN overflow parsing SLP messages leads to remote vulnerability
Bug #415863 reported by Mathias Weyland
This bug report is a duplicate of:
Bug #416306: CVE-2009-2694 Security vulnerability in pidgin < 2.5.9.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pidgin (Ubuntu) | Fix Released | Medium | Marc Deslauriers |
Bug Description
Binary package hint: libpurple0
[1] Original posting: http://
[2] Pidgin Security Advisory: http://
Quote from [1]:
"If the victim has its privacy settings set to "everyone can contact me", the victim is not required to be in the attacker's contact list. Otherwise that is the only requirement for exploitation and no other victim interaction is required."
[1] claims that libpurple <= 2.5.8 is vulnerable and that the issue was fixed in libpurple >= 2.6.0 while [2] claims that it's fixed in 2.5.9.
CVE References
visibility: private → public
I checked the monotone repository. Patches seem to be:
http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e
http://developer.pidgin.im/viewmtn/revision/info/0899f42c08f68d7811a5b0ebe68acd5b85eddc13
Regards, Matt