CVE-2009-1373

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2009-1059.html
http://www.securityfocus.com/bid/35067	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=500488
http://secunia.com/advisories/35202	Vendor Advisory
http://secunia.com/advisories/35194	Vendor Advisory
http://www.pidgin.im/news/security/?id=29	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-1060.html
http://secunia.com/advisories/35215
http://debian.org/security/2009/dsa-1805
http://www.vupen.com/english/advisories/2009/1396
http://secunia.com/advisories/35188
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
http://www.ubuntu.com/usn/USN-781-1
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
http://www.ubuntu.com/usn/USN-781-2
http://secunia.com/advisories/35294
http://secunia.com/advisories/35330
http://secunia.com/advisories/35329
http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pidgin:pidgin:2.1.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.0.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.4:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.1.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.3.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.3:::::::*
	cpe:2.3:a:pidgin:pidgin:2.0.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.0.2:::::::*
	cpe:2.3:a:pidgin:pidgin:2.0.2::linux:::::
	cpe:2.3:a:pidgin:pidgin:2.3.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.4.0:::::::*
	cpe:2.3:a:pidgin:pidgin::::::::
	cpe:2.3:a:pidgin:pidgin:2.5.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.0:::::::*
	cpe:2.3:a:pidgin:pidgin:2.2.1:::::::*
	cpe:2.3:a:pidgin:pidgin:2.5.3:::::::*

Information

Published : 2009-05-26 08:30

Updated : 2023-02-12 17:17

NVD link : CVE-2009-1373

Mitre link : CVE-2009-1373

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

pidgin

pidgin

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html", "name": "RHSA-2009:1059", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/35067", "name": "35067", "tags": ["Patch"], "refsource": "BID"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500488", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/35202", "name": "35202", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/35194", "name": "35194", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.pidgin.im/news/security/?id=29", "name": "http://www.pidgin.im/news/security/?id=29", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html", "name": "RHSA-2009:1060", "tags": [], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/35215", "name": "35215", "tags": [], "refsource": "SECUNIA"}, {"url": "http://debian.org/security/2009/dsa-1805", "name": "DSA-1805", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.vupen.com/english/advisories/2009/1396", "name": "ADV-2009-1396", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/35188", "name": "35188", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml", "name": "GLSA-200905-07", "tags": [], "refsource": "GENTOO"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html", "name": "FEDORA-2009-5597", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.ubuntu.com/usn/USN-781-1", "name": "USN-781-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html", "name": "FEDORA-2009-5583", "tags": [], "refsource": "FEDORA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html", "name": "FEDORA-2009-5552", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.ubuntu.com/usn/USN-781-2", "name": "USN-781-2", "tags": [], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/35294", "name": "35294", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/35330", "name": "35330", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/35329", "name": "35329", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140", "name": "MDVSA-2009:140", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173", "name": "MDVSA-2009:173", "tags": [], "refsource": "MANDRIVA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50682", "name": "pidgin-xmppsocks5-bo(50682)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005", "name": "oval:org.mitre.oval:def:9005", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722", "name": "oval:org.mitre.oval:def:17722", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-1373", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2009-05-26T15:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.5.5"}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T01:17Z"}

7.1 /10