Pidgin XMPP Protocol Denial of Service Vulnerability
BID:52476
Info
| Bugtraq ID: | 52476 |
| Class: | Design Error |
| CVE: | CVE-2011-4939 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 07 2011 12:00AM |
| Updated: | Apr 13 2015 09:20PM |
| Credit: | Clemens Huebner |
| Vulnerable: | Ubuntu Ubuntu Linux 12.04 LTS i386; Ubuntu Ubuntu Linux 12.04 LTS amd64; Ubuntu Ubuntu Linux 11.10 i386; Ubuntu Ubuntu Linux 11.10 amd64; Ubuntu Ubuntu Linux 11.04 powerpc; Ubuntu Ubuntu Linux 11.04 i386; Ubuntu Ubuntu Linux 11.04 ARM; Ubuntu Ubuntu Linux 11.04 amd64; Ubuntu Ubuntu Linux 10.04 sparc; Ubuntu Ubuntu Linux 10.04 powerpc; Ubuntu Ubuntu Linux 10.04 i386; Ubuntu Ubuntu Linux 10.04 ARM; Ubuntu Ubuntu Linux 10.04 amd64; Sun Solaris 10; Pidgin Pidgin 2.10.1; Pidgin Pidgin 2.9; Pidgin Pidgin 2.8; Pidgin Pidgin 2.7.6; Pidgin Pidgin 2.7.5; Pidgin Pidgin 2.7.4; Pidgin Pidgin 2.7.3; Pidgin Pidgin 2.7.2; Pidgin Pidgin 2.7.1; Pidgin Pidgin 2.7; Pidgin Pidgin 2.6.6; Pidgin Pidgin 2.6.5; Pidgin Pidgin 2.6.4; Pidgin Pidgin 2.6.3; Pidgin Pidgin 2.6.1; Pidgin Pidgin 2.6; Pidgin Pidgin 2.5.9; Pidgin Pidgin 2.5.8; Pidgin Pidgin 2.5.7; Pidgin Pidgin 2.5.6; Pidgin Pidgin 2.5.5; Pidgin Pidgin 2.4.3; Pidgin Pidgin 2.4.2; Pidgin Pidgin 2.4.1; Pidgin Pidgin 2.4; Pidgin Pidgin 2.2.2; Pidgin Pidgin 2.2.1; Pidgin Pidgin 2.2; Pidgin Pidgin 2.1; Pidgin Pidgin 2.0.2; Pidgin Pidgin 2.0; Pidgin Pidgin 2.10.0; Mandriva Linux Mandrake 2011 x86_64; Mandriva Linux Mandrake 2011; MandrakeSoft Enterprise Server 5 x86_64; MandrakeSoft Enterprise Server 5 |
| Not Vulnerable: | Pidgin Pidgin 2.10.2 |
Discussion
Pidgin is prone to a denial-of-service vulnerability due to a NULL-pointer dereference condition.
An attacker can exploit this issue by constructing and submitting a specially crafted message.
Successful exploits will cause the affected application to crash, effectively denying service to legitimate users. Due to the nature of this issue, remote code execution may be possible; this has not been confirmed.
Exploit / POC
Currently we are not aware of any exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5 x86_64
- Mandriva finch-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva lib64finch0-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva lib64purple-devel-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva lib64purple0-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-bonjour-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-client-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-gevolution-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-i18n-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-meanwhile-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-perl-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-plugins-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-silc-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-tcl-2.10.2-0.1mdvmes5.2.x86_64.rpm http://www.mandriva.com/en/downloads/
MandrakeSoft Enterprise Server 5
- Mandriva finch-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva libfinch0-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva libpurple-devel-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva libpurple0-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-bonjour-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-client-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-gevolution-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-i18n-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-meanwhile-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-perl-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-plugins-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-silc-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-tcl-2.10.2-0.1mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011 x86_64
- Mandriva finch-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva lib64finch0-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva lib64purple-devel-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva lib64purple0-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-bonjour-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-client-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-gevolution-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-i18n-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-meanwhile-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-perl-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-plugins-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-silc-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-tcl-2.10.2-0.1-mdv2011.0.x86_64.rpm http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011
- Mandriva finch-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva libfinch0-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva libpurple-devel-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva libpurple0-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-bonjour-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-client-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-gevolution-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-i18n-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-meanwhile-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-perl-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-plugins-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-silc-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
- Mandriva pidgin-tcl-2.10.2-0.1-mdv2011.0.i586.rpm http://www.mandriva.com/en/downloads/
References
References:
- get_iter_from_chatbuddy can dereference NULL pointer (Pidgin)
- Pidgin Homepage (Pidgin)
- Pidgin Security Advisory (Pidgin)
- Multiple vulnerabilities in Pidgin (Oracle)