CVE-2010-1624

Related Files

Ubuntu Security Notice 1014-1

Posted Nov 5, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1014-1 - Pierre Nogues discovered that Pidgin incorrectly handled malformed SLP messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. Daniel Atallah discovered that Pidgin incorrectly handled the return code of the Base64 decoding function. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service.

tags | advisory, remote, denial of service, protocol

systems | linux, ubuntu

advisories | CVE-2010-1624, CVE-2010-3711

SHA-256 | a6ca7c602ada11042c70038bddf8d2b5b69b7d1b0a0352670a1977e25ead8eb4

Download | Favorite | View

Mandriva Linux Security Advisory 2010-097

Posted May 19, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-097 - The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers to cause a denial of service (application crash) via a custom emoticon in a malformed SLP message. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, protocol

systems | linux, mandriva

advisories | CVE-2010-1624

SHA-256 | a874c9ffb8f4b5dc72d10517c128c59dd05e92da99db4a800881e579c81b6fb6

Download | Favorite | View