
J-Security Center


Title: Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities

Severity: MODERATE

Description:

Pidgin is a chat client available for multiple operating systems.

The application is prone to multiple denial-of-service vulnerabilities affecting the UPnP and Jabber protocols:

1. Untrusted XML documents can be exchanged. Attackers can exploit this to cause memory leaks and application crashes when a Pidgin client connects to a malicious Jabber server.

2. Downloads of arbitrary size are allowed via the UPnP protocol. Attackers can exploit this to cause excessive resource allocations and application crashes, denying service to legitimate users.

Pidgin 2.0.0 is vulnerable; other versions, including Gaim 2.0.0 beta versions, may also be affected.
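The second issue comes down to a client buffering a response body without any upper bound. The following is an added illustration of a bounded receive buffer, not Pidgin's code or its patch and not part of the original advisory. The names `bounded_buf`, `bounded_append` and `declared_length_ok` and the 64 KiB cap are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; not a value taken from Pidgin or the advisory. */
#define MAX_BODY_BYTES (64 * 1024)

typedef struct {
    char  *data;    /* body received so far, NUL-terminated */
    size_t len;     /* bytes stored in data */
    int    failed;  /* set once the cap is exceeded or allocation fails */
} bounded_buf;

void bounded_reset(bounded_buf *b, int failed) {
    free(b->data);
    b->data = NULL; b->len = 0; b->failed = failed;
}

/* Early reject on the declared Content-Length; pass -1 when the header is absent.
 * The header is peer-controlled, so bounded_append() still counts real bytes. */
int declared_length_ok(long long content_length) {
    return content_length < 0 || content_length <= MAX_BODY_BYTES;
}

/* Append one received chunk. Returns 0 on success, -1 once the cap is hit;
 * the buffer is released on failure and the caller should close the socket. */
int bounded_append(bounded_buf *b, const char *chunk, size_t n) {
    if (b->failed) return -1;
    if (n > MAX_BODY_BYTES - b->len) {   /* subtraction form avoids overflow */
        bounded_reset(b, 1);
        return -1;
    }
    char *p = realloc(b->data, b->len + n + 1);
    if (p == NULL) { bounded_reset(b, 1); return -1; }
    if (n > 0) memcpy(p + b->len, chunk, n);
    b->len += n;
    p[b->len] = '\0';
    b->data = p;
    return 0;
}

int main(void) {
    bounded_buf b = {NULL, 0, 0};
    char chunk[4096];                    /* constructed stand-in for received data */
    memset(chunk, 'A', sizeof chunk);
    int chunks = 0;
    while (bounded_append(&b, chunk, sizeof chunk) == 0) chunks++;
    printf("accepted %d chunks, then refused (failed=%d)\n", chunks, b.failed);
    return 0;
}
```

Checking only the declared length is not enough, because a peer can omit or misstate it; the per-chunk count is what actually bounds memory use.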

Affected Products:

  • Pidgin Pidgin 2.0.0
  • rPath rPath Linux 1

References: