
Test ID: 1.3.6.1.4.1.25623.1.0.63256
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2009:025 (pidgin)
Summary: The remote host is missing an update to pidgin, announced via advisory MDVSA-2009:025.
Description:

Summary:
The remote host is missing an update to pidgin
announced via advisory MDVSA-2009:025.

Vulnerability Insight:
The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
certificates, which makes it easier for remote attackers to trick
a user into accepting an invalid server certificate for a spoofed
service. (CVE-2008-3532)

Pidgin 2.4.1 allows remote attackers to cause a denial of service
(crash) via a long filename that contains certain characters, as
demonstrated using an MSN message that triggers the crash in the
msn_slplink_process_msg function. (CVE-2008-2955)

The UPnP functionality in Pidgin 2.0.0, and possibly other versions,
allows remote attackers to trigger the download of arbitrary files
and cause a denial of service (memory or disk consumption) via a UDP
packet that specifies an arbitrary URL. (CVE-2008-2957)

The updated packages have been patched to fix these issues.

Affected: 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2008-3532
30553
http://www.securityfocus.com/bid/30553
31390
http://secunia.com/advisories/31390
32859
http://secunia.com/advisories/32859
33102
http://secunia.com/advisories/33102
ADV-2008-2318
http://www.vupen.com/english/advisories/2008/2318
MDVSA-2009:025
http://www.mandriva.com/security/advisories?name=MDVSA-2009:025
RHSA-2008:1023
http://www.redhat.com/support/errata/RHSA-2008-1023.html
USN-675-1
http://www.ubuntu.com/usn/USN-675-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434
http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch
http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch
http://developer.pidgin.im/ticket/6500
http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm
oval:org.mitre.oval:def:10979
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10979
oval:org.mitre.oval:def:18327
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18327
pidgin-ssl-spoofing(44220)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44220
Common Vulnerability Exposure (CVE) ID: CVE-2008-2955
20080626 Pidgin 2.4.1 Vulnerability
http://www.securityfocus.com/archive/1/493682/100/0/threaded
29985
http://www.securityfocus.com/bid/29985
30881
http://secunia.com/advisories/30881
3966
http://securityreason.com/securityalert/3966
ADV-2008-1947
http://www.vupen.com/english/advisories/2008/1947
oval:org.mitre.oval:def:10131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131
oval:org.mitre.oval:def:18050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050
Common Vulnerability Exposure (CVE) ID: CVE-2008-2957
[oss-security] 20080627 CVE Request (pidgin)
http://www.openwall.com/lists/oss-security/2008/06/27/3
http://crisp.cs.du.edu/?q=ca2007-1
oval:org.mitre.oval:def:17599
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599
oval:org.mitre.oval:def:9076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076
Copyright: Copyright (C) 2009 E-Soft Inc.
