J-Security Center

Title: Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities

Severity: MODERATE

Description:

Pidgin is a chat client available for multiple operating systems.

The application is prone to multiple denial-of-service vulnerabilities affecting the UPnP and Jabber protocols:

1. Untrusted XML documents can be exchanged over the Jabber protocol. Attackers can exploit this to cause memory leaks and application crashes when a Pidgin client connects to a malicious Jabber server.

2. Downloads of arbitrary size are allowed via the UPnP protocol. Attackers can exploit this to cause excessive resource allocations and application crashes, denying service to legitimate users.
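The UPnP issue above is the classic unbounded-read pattern: the client keeps growing a buffer for as long as the peer keeps sending, so a hostile UPnP device or server controls how much memory the client allocates. The following C program is an added example written for this page, not Pidgin's code and not the fix the project shipped; it shows the unbounded reader next to a bounded one that rejects the response before allocating beyond a cap. The cap value (`UPNP_BODY_CAP`), the `mock_sock` stand-in for a socket, and the `simulate_download` helper are all assumptions constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; the page does not state the limit Pidgin adopted. */
#define UPNP_BODY_CAP 4096

/* Constructed stand-in for a socket: a byte string served in fixed-size chunks. */
typedef struct {
    const unsigned char *data;
    size_t len;
    size_t pos;
} mock_sock;

static size_t mock_recv(mock_sock *s, unsigned char *buf, size_t want) {
    size_t left = s->len - s->pos;
    size_t n = want < left ? want : left;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return n;   /* 0 means the peer closed the connection */
}

/* Weak pattern: keep growing the buffer until the peer stops sending.
 * A peer that sends an arbitrarily large body drives allocation without bound. */
unsigned char *read_body_unbounded(mock_sock *s, size_t *out_len) {
    unsigned char *body = NULL, chunk[512];
    size_t total = 0, n;
    while ((n = mock_recv(s, chunk, sizeof chunk)) > 0) {
        unsigned char *grown = realloc(body, total + n);
        if (!grown) { free(body); return NULL; }
        body = grown;
        memcpy(body + total, chunk, n);
        total += n;
    }
    *out_len = total;
    return body;
}

/* Hardened pattern: check the cap before every realloc and stop reading once it
 * is exceeded, so an oversized stream is neither buffered nor drained.
 * Returns 0 on success, -1 when the peer sends more than cap bytes (*out is then NULL). */
int read_body_bounded(mock_sock *s, size_t cap, unsigned char **out, size_t *out_len) {
    unsigned char *body = NULL, chunk[512];
    size_t total = 0, n;
    *out = NULL;
    *out_len = 0;
    while ((n = mock_recv(s, chunk, sizeof chunk)) > 0) {
        if (n > cap - total) {      /* total <= cap always holds, so no underflow */
            free(body);
            return -1;
        }
        unsigned char *grown = realloc(body, total + n);
        if (!grown) { free(body); return -1; }
        body = grown;
        memcpy(body + total, chunk, n);
        total += n;
    }
    *out = body;
    *out_len = total;
    return 0;
}

/* Constructed driver: serve `len` bytes of 'A' through the bounded reader.
 * Returns 0 if accepted, -1 if rejected, -2 on allocation failure; *consumed reports
 * how much of the stream was pulled off the wire before the decision was made. */
int simulate_download(size_t len, size_t cap, size_t *consumed, size_t *got) {
    unsigned char *stream = malloc(len ? len : 1);
    if (!stream) return -2;
    memset(stream, 'A', len);
    mock_sock s = { stream, len, 0 };
    unsigned char *body = NULL;
    int rc = read_body_bounded(&s, cap, &body, got);
    *consumed = s.pos;
    free(body);
    free(stream);
    return rc;
}

int main(void) {
    size_t consumed, got;
    int rc = simulate_download(1000, UPNP_BODY_CAP, &consumed, &got);
    printf("1000-byte body: rc=%d got=%zu\n", rc, got);
    rc = simulate_download(10 * UPNP_BODY_CAP, UPNP_BODY_CAP, &consumed, &got);
    printf("oversized body: rc=%d consumed=%zu of %zu\n",
           rc, consumed, (size_t)(10 * UPNP_BODY_CAP));
    return 0;
}
```

The point of checking `n > cap - total` before `realloc` rather than after is that the decision is made on what is already known; the bounded reader never holds more than `cap` bytes plus one receive chunk, and it stops pulling data as soon as the limit is crossed instead of draining the rest of the response.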

Pidgin 2.0.0 is vulnerable; other versions, including Gaim 2.0.0 beta versions, may also be affected.

Affected Products:

  • Pidgin Pidgin 2.0.0
  • RedHat Enterprise Linux AS 4
  • RedHat Enterprise Linux Desktop 5 client
  • RedHat Enterprise Linux Desktop Workstation 5 client
  • RedHat Enterprise Linux Desktop version 4
  • RedHat Enterprise Linux ES 4
  • RedHat Enterprise Linux Optional Productivity Application 5 server
  • RedHat Enterprise Linux WS 4
  • Ubuntu Ubuntu Linux 7.10 amd64
  • Ubuntu Ubuntu Linux 7.10 i386
  • Ubuntu Ubuntu Linux 7.10 lpia
  • Ubuntu Ubuntu Linux 7.10 powerpc
  • Ubuntu Ubuntu Linux 7.10 sparc
  • Ubuntu Ubuntu Linux 8.04 LTS amd64
  • Ubuntu Ubuntu Linux 8.04 LTS i386
  • Ubuntu Ubuntu Linux 8.04 LTS lpia
  • Ubuntu Ubuntu Linux 8.04 LTS powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS sparc
  • rPath rPath Linux 1

References: