Pidgin MSN Nudge Messages Remote Denial Of Service Vulnerability
BID:25872
Info
| Bugtraq ID: | 25872 |
| Class: | Design Error |
| CVE: | CVE-2007-4996 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 01 2007 12:00AM |
| Updated: | Oct 05 2007 05:48PM |
| Credit: | Evan Schoenberg discovered this issue. |
| Vulnerable: | Slackware Linux 12.0, Redhat Fedora Core7, Pidgin Pidgin 2.2, Pidgin Pidgin 2.1, Pidgin Pidgin 2.0.2, Foresight Linux Foresight Linux 1.1 |
| Not Vulnerable: | Pidgin Pidgin 2.2.1 |
Discussion
Pidgin is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted messages.
Attackers can exploit this issue to crash the application, denying service to legitimate users.
Versions prior to Pidgin 2.2.1 are vulnerable.
Exploit / POC
Attackers can exploit this issue using a chat client that can send MSN 'Nudge' messages.
Solution / Fix
Solution:
The vendor released Pidgin 2.2.1 to address this issue. Please see the references for more information.
Slackware Linux 12.0
- Slackware pidgin-2.2.1-i486-1_slack12.0.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.2.1-i486-1_slack12.0.tgz

Pidgin Pidgin 2.0.2
- Pidgin pidgin-2.2.1.exe
  http://downloads.sourceforge.net/pidgin/pidgin-2.2.1.exe
- Pidgin pidgin-2.2.1.tar.bz2
  http://downloads.sourceforge.net/pidgin/pidgin-2.2.1.tar.bz2
- Pidgin pidgin.repo
  http://rpm.pidgin.im/fedora/pidgin.repo

Pidgin Pidgin 2.1
- Pidgin pidgin-2.2.1.exe
  http://downloads.sourceforge.net/pidgin/pidgin-2.2.1.exe
- Pidgin pidgin-2.2.1.tar.bz2
  http://downloads.sourceforge.net/pidgin/pidgin-2.2.1.tar.bz2
- Pidgin pidgin.repo
  http://rpm.pidgin.im/fedora/pidgin.repo

Pidgin Pidgin 2.2
- Pidgin pidgin-2.2.1.exe
  http://downloads.sourceforge.net/pidgin/pidgin-2.2.1.exe
- Pidgin pidgin-2.2.1.tar.bz2
  http://downloads.sourceforge.net/pidgin/pidgin-2.2.1.tar.bz2
- Pidgin pidgin.repo
  http://rpm.pidgin.im/fedora/pidgin.repo
References
References:
- Pidgin Homepage (Pidgin)
- MSN Remote "Nudge" DoS (Pidgin)