Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
BID:29956
Info
Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
| Bugtraq ID: | 29956 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2008-2927 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 26 2008 12:00AM |
| Updated: | Jun 03 2009 08:19PM |
| Credit: | An anonymous researcher working with TippingPoint and ZDI. |
| Vulnerable: |
Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 rPath rPath Linux 1 Rob Flynn Gaim 1.3.1 Rob Flynn Gaim 1.3 .0 Rob Flynn Gaim 1.2.1 Rob Flynn Gaim 1.2 Rob Flynn Gaim 1.1.4 Rob Flynn Gaim 1.1.3 Rob Flynn Gaim 1.1.2 Rob Flynn Gaim 1.1.1 Rob Flynn Gaim 1.0.2 Rob Flynn Gaim 1.0.1 Rob Flynn Gaim 1.0 Rob Flynn Gaim 0.82.1 Rob Flynn Gaim 0.82 Rob Flynn Gaim 0.78 Rob Flynn Gaim 0.77 Rob Flynn Gaim 0.75 Rob Flynn Gaim 0.74 Rob Flynn Gaim 0.73 Rob Flynn Gaim 0.72 Rob Flynn Gaim 0.71 Rob Flynn Gaim 0.70 Rob Flynn Gaim 0.69 Rob Flynn Gaim 0.68 Rob Flynn Gaim 0.67 Rob Flynn Gaim 0.66 Rob Flynn Gaim 0.65 Rob Flynn Gaim 0.64 Rob Flynn Gaim 0.63 Rob Flynn Gaim 0.62 Rob Flynn Gaim 0.61 Rob Flynn Gaim 0.60 Rob Flynn Gaim 0.59.8 Rob Flynn Gaim 0.59.1 Rob Flynn Gaim 0.59 Rob Flynn Gaim 0.58 Rob Flynn Gaim 0.57 Rob Flynn Gaim 0.56 Rob Flynn Gaim 0.55 Rob Flynn Gaim 0.54 Rob Flynn Gaim 0.53 Rob Flynn Gaim 0.52 Rob Flynn Gaim 0.51 Rob Flynn Gaim 0.50 Rob Flynn Gaim 0.10.3 Rob Flynn Gaim 0.10 x Redhat Enterprise Linux WS 4 Redhat Enterprise Linux Optional Productivity Application 5 server Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux Desktop version 4 Redhat Desktop 4.0 Redhat Desktop 3.0 Pidgin Pidgin 2.4.2 Pidgin Pidgin 2.4.1 Pidgin Pidgin 2.2.2 Pidgin Pidgin 2.2.1 Pidgin Pidgin 2.2 Pidgin Pidgin 2.1 Pidgin Pidgin 2.0.2 Pidgin Pidgin 2.0 Pardus Linux 2008 0 Pardus Linux 2007 0 Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Adium Adium 1.2.7 Adium Adium 1.2.6 Adium Adium 1.2.5 Adium Adium 1.3 |
| Not Vulnerable: |
Pidgin Pidgin 2.4.3 |
Discussion
Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
Pidgin is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.
Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions.
Versions prior to Pidgin 2.4.3 are vulnerable.
Pidgin is prone to multiple integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.
Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts likely cause denial-of-service conditions.
Versions prior to Pidgin 2.4.3 are vulnerable.
Exploit / POC
Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 7.10 lpia
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Pidgin Pidgin 2.0
Pidgin Pidgin 2.0.2
Pidgin Pidgin 2.1
Pidgin Pidgin 2.2
Pidgin Pidgin 2.2.1
Pidgin Pidgin 2.2.2
Pidgin Pidgin 2.4.2
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 3.0 x86_64
Solution:
Updates are available. Please see the references for more information.
Ubuntu Ubuntu Linux 7.10 powerpc
-
Ubuntu finch-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.2.1-1 ubuntu4.3_all.deb -
Ubuntu finch_2.2.1-1ubuntu4.3_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.2.1-1ubun tu4.3_powerpc.deb -
Ubuntu gaim_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.2.1-1u buntu4.3_all.deb -
Ubuntu libpurple-bin_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.2 .1-1ubuntu4.3_all.deb -
Ubuntu libpurple-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.2 .1-1ubuntu4.3_all.deb -
Ubuntu libpurple0_2.2.1-1ubuntu4.3_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.2.1- 1ubuntu4.3_powerpc.deb -
Ubuntu pidgin-data_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.2.1 -1ubuntu4.3_all.deb -
Ubuntu pidgin-dbg_2.2.1-1ubuntu4.3_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.2.1- 1ubuntu4.3_powerpc.deb -
Ubuntu pidgin-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.2.1- 1ubuntu4.3_all.deb -
Ubuntu pidgin_2.2.1-1ubuntu4.3_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1-1ubu ntu4.3_powerpc.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
-
Ubuntu finch-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.4.1-1 ubuntu2.2_all.deb -
Ubuntu finch_2.4.1-1ubuntu2.2_powerpc.deb
http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.2_powe rpc.deb -
Ubuntu gaim_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.4.1-1u buntu2.2_all.deb -
Ubuntu libpurple-bin_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.4 .1-1ubuntu2.2_all.deb -
Ubuntu libpurple-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.4 .1-1ubuntu2.2_all.deb -
Ubuntu libpurple0_2.4.1-1ubuntu2.2_powerpc.deb
http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.2 _powerpc.deb -
Ubuntu pidgin-data_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.4.1 -1ubuntu2.2_all.deb -
Ubuntu pidgin-dbg_2.4.1-1ubuntu2.2_powerpc.deb
http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.2 _powerpc.deb -
Ubuntu pidgin-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.4.1- 1ubuntu2.2_all.deb -
Ubuntu pidgin_2.4.1-1ubuntu2.2_powerpc.deb
http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.2_pow erpc.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
-
Ubuntu finch-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.4.1-1 ubuntu2.2_all.deb -
Ubuntu finch_2.4.1-1ubuntu2.2_sparc.deb
http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.2_spar c.deb -
Ubuntu gaim_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.4.1-1u buntu2.2_all.deb -
Ubuntu libpurple-bin_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.4 .1-1ubuntu2.2_all.deb -
Ubuntu libpurple-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.4 .1-1ubuntu2.2_all.deb -
Ubuntu libpurple0_2.4.1-1ubuntu2.2_sparc.deb
http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.2 _sparc.deb -
Ubuntu pidgin-data_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.4.1 -1ubuntu2.2_all.deb -
Ubuntu pidgin-dbg_2.4.1-1ubuntu2.2_sparc.deb
http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.2 _sparc.deb -
Ubuntu pidgin-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.4.1- 1ubuntu2.2_all.deb -
Ubuntu pidgin_2.4.1-1ubuntu2.2_sparc.deb
http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.2_spa rc.deb
Ubuntu Ubuntu Linux 6.06 LTS sparc
-
Ubuntu gaim-data_1.5.0+1.5.1cvs20051015-1ubuntu10.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.5.0+1.5 .1cvs20051015-1ubuntu10.1_all.deb -
Ubuntu gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.1_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5. 1cvs20051015-1ubuntu10.1_sparc.deb -
Ubuntu gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.1_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs 20051015-1ubuntu10.1_sparc.deb
Ubuntu Ubuntu Linux 8.04 LTS amd64
-
Ubuntu finch-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.4.1-1 ubuntu2.2_all.deb -
Ubuntu finch_2.4.1-1ubuntu2.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.4.1-1ubun tu2.2_amd64.deb -
Ubuntu gaim_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.4.1-1u buntu2.2_all.deb -
Ubuntu libpurple-bin_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.4 .1-1ubuntu2.2_all.deb -
Ubuntu libpurple-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.4 .1-1ubuntu2.2_all.deb -
Ubuntu libpurple0_2.4.1-1ubuntu2.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.4.1- 1ubuntu2.2_amd64.deb -
Ubuntu pidgin-data_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.4.1 -1ubuntu2.2_all.deb -
Ubuntu pidgin-dbg_2.4.1-1ubuntu2.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.4.1- 1ubuntu2.2_amd64.deb -
Ubuntu pidgin-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.4.1- 1ubuntu2.2_all.deb -
Ubuntu pidgin_2.4.1-1ubuntu2.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1-1ubu ntu2.2_amd64.deb
Ubuntu Ubuntu Linux 7.10 sparc
-
Ubuntu finch-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.2.1-1 ubuntu4.3_all.deb -
Ubuntu finch_2.2.1-1ubuntu4.3_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.2.1-1ubun tu4.3_sparc.deb -
Ubuntu gaim_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.2.1-1u buntu4.3_all.deb -
Ubuntu libpurple-bin_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.2 .1-1ubuntu4.3_all.deb -
Ubuntu libpurple-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.2 .1-1ubuntu4.3_all.deb -
Ubuntu libpurple0_2.2.1-1ubuntu4.3_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.2.1- 1ubuntu4.3_sparc.deb -
Ubuntu pidgin-data_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.2.1 -1ubuntu4.3_all.deb -
Ubuntu pidgin-dbg_2.2.1-1ubuntu4.3_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.2.1- 1ubuntu4.3_sparc.deb -
Ubuntu pidgin-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.2.1- 1ubuntu4.3_all.deb -
Ubuntu pidgin_2.2.1-1ubuntu4.3_sparc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1-1ubu ntu4.3_sparc.deb
Ubuntu Ubuntu Linux 6.06 LTS powerpc
-
Ubuntu gaim-data_1.5.0+1.5.1cvs20051015-1ubuntu10.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.5.0+1.5 .1cvs20051015-1ubuntu10.1_all.deb -
Ubuntu gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.1_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5. 1cvs20051015-1ubuntu10.1_powerpc.deb -
Ubuntu gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.1_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs 20051015-1ubuntu10.1_powerpc.deb
Ubuntu Ubuntu Linux 8.04 LTS lpia
-
Ubuntu finch-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.4.1-1 ubuntu2.2_all.deb -
Ubuntu finch_2.4.1-1ubuntu2.2_lpia.deb
http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.2_lpia .deb -
Ubuntu gaim_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.4.1-1u buntu2.2_all.deb -
Ubuntu libpurple-bin_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.4 .1-1ubuntu2.2_all.deb -
Ubuntu libpurple-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.4 .1-1ubuntu2.2_all.deb -
Ubuntu libpurple0_2.4.1-1ubuntu2.2_lpia.deb
http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.2 _lpia.deb -
Ubuntu pidgin-data_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.4.1 -1ubuntu2.2_all.deb -
Ubuntu pidgin-dbg_2.4.1-1ubuntu2.2_lpia.deb
http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.2 _lpia.deb -
Ubuntu pidgin-dev_2.4.1-1ubuntu2.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.4.1- 1ubuntu2.2_all.deb -
Ubuntu pidgin_2.4.1-1ubuntu2.2_lpia.deb
http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.2_lpi a.deb
Ubuntu Ubuntu Linux 6.06 LTS i386
-
Ubuntu gaim-data_1.5.0+1.5.1cvs20051015-1ubuntu10.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.5.0+1.5 .1cvs20051015-1ubuntu10.1_all.deb -
Ubuntu gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.1_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5. 1cvs20051015-1ubuntu10.1_i386.deb -
Ubuntu gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.1_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs 20051015-1ubuntu10.1_i386.deb
Ubuntu Ubuntu Linux 7.10 lpia
-
Ubuntu finch-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.2.1-1 ubuntu4.3_all.deb -
Ubuntu finch_2.2.1-1ubuntu4.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.2.1-1ubuntu4.3_lpia .deb -
Ubuntu gaim_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.2.1-1u buntu4.3_all.deb -
Ubuntu libpurple-bin_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.2 .1-1ubuntu4.3_all.deb -
Ubuntu libpurple-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.2 .1-1ubuntu4.3_all.deb -
Ubuntu libpurple0_2.2.1-1ubuntu4.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.2.1-1ubuntu4.3 _lpia.deb -
Ubuntu pidgin-data_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.2.1 -1ubuntu4.3_all.deb -
Ubuntu pidgin-dbg_2.2.1-1ubuntu4.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.2.1-1ubuntu4.3 _lpia.deb -
Ubuntu pidgin-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.2.1- 1ubuntu4.3_all.deb -
Ubuntu pidgin_2.2.1-1ubuntu4.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.2.1-1ubuntu4.3_lpi a.deb
Ubuntu Ubuntu Linux 7.10 i386
-
Ubuntu finch-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.2.1-1 ubuntu4.3_all.deb -
Ubuntu finch_2.2.1-1ubuntu4.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.2.1-1ubun tu4.3_i386.deb -
Ubuntu gaim_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.2.1-1u buntu4.3_all.deb -
Ubuntu libpurple-bin_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.2 .1-1ubuntu4.3_all.deb -
Ubuntu libpurple-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.2 .1-1ubuntu4.3_all.deb -
Ubuntu libpurple0_2.2.1-1ubuntu4.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.2.1- 1ubuntu4.3_i386.deb -
Ubuntu pidgin-data_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.2.1 -1ubuntu4.3_all.deb -
Ubuntu pidgin-dbg_2.2.1-1ubuntu4.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.2.1- 1ubuntu4.3_i386.deb -
Ubuntu pidgin-dev_2.2.1-1ubuntu4.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.2.1- 1ubuntu4.3_all.deb -
Ubuntu pidgin_2.2.1-1ubuntu4.3_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1-1ubu ntu4.3_i386.deb
Ubuntu Ubuntu Linux 6.06 LTS amd64
-
Ubuntu gaim-data_1.5.0+1.5.1cvs20051015-1ubuntu10.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.5.0+1.5 .1cvs20051015-1ubuntu10.1_all.deb -
Ubuntu gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.1_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5. 1cvs20051015-1ubuntu10.1_amd64.deb -
Ubuntu gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.1_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs 20051015-1ubuntu10.1_amd64.deb
Pidgin Pidgin 2.0
-
Pidgin pidgin-2.4.3.exe
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.exe -
Pidgin pidgin-2.4.3.tar.bz2
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.tar.bz2
Pidgin Pidgin 2.0.2
-
Pidgin pidgin-2.4.3.exe
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.exe -
Pidgin pidgin-2.4.3.tar.bz2
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.tar.bz2
Pidgin Pidgin 2.1
-
Pidgin pidgin-2.4.3.exe
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.exe -
Pidgin pidgin-2.4.3.tar.bz2
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.tar.bz2
Pidgin Pidgin 2.2
-
Pidgin pidgin-2.4.3.exe
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.exe -
Pidgin pidgin-2.4.3.tar.bz2
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.tar.bz2
Pidgin Pidgin 2.2.1
-
Pidgin pidgin-2.4.3.exe
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.exe -
Pidgin pidgin-2.4.3.tar.bz2
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.tar.bz2
Pidgin Pidgin 2.2.2
-
Pidgin pidgin-2.4.3.exe
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.exe -
Pidgin pidgin-2.4.3.tar.bz2
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.tar.bz2
Pidgin Pidgin 2.4.2
-
Pidgin pidgin-2.4.3.exe
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.exe -
Pidgin pidgin-2.4.3.tar.bz2
http://downloads.sourceforge.net/pidgin/pidgin-2.4.3.tar.bz2
MandrakeSoft Corporate Server 3.0
-
Mandriva gaim-1.5.0-0.2.C30mdk.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva gaim-devel-1.5.0-0.2.C30mdk.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva gaim-perl-1.5.0-0.2.C30mdk.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva gaim-tcl-1.5.0-0.2.C30mdk.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva libgaim-remote0-1.5.0-0.2.C30mdk.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva libgaim-remote0-devel-1.5.0-0.2.C30mdk.i586.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Corporate Server 3.0 x86_64
-
Mandriva gaim-1.5.0-0.2.C30mdk.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva gaim-devel-1.5.0-0.2.C30mdk.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva gaim-perl-1.5.0-0.2.C30mdk.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva gaim-tcl-1.5.0-0.2.C30mdk.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva lib64gaim-remote0-1.5.0-0.2.C30mdk.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva lib64gaim-remote0-devel-1.5.0-0.2.C30mdk.x86_64.rpm
http://www.mandriva.com/en/download/
References
Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities
References:
References:
- Bugzilla Bug 453764: CVE-2008-2927 pidgin MSN integer overflow (Red Hat)
- Adium Homepage (Adium)
- Gaim website (Rob Flynn
) - Pidgin Homepage (Pidgin)
- ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vul ([email protected])
- MSN malformed SLP message overflow (Pidgin)
- RHSA-2008:0584-2 Important: pidgin security and bug fix update (Red Hat)