SECURITY BLOG SECURITY DASHBOARD PARTNERS PRODUCTS JOBS SERVICES COMPANY HOME

Network Security Consulting Advisories Article

Pidgin 'silc_private_message()' Denial of Service Vulnerability

http://www.securityfocus.com/bid/49912

Security Info

Bugtraq ID:	49912
Class:	Unknown
CVE:	CVE-2011-3594
Remote:	Yes
Local:	No
Published:	Sep 30 2011 12:00AM
Updated:	Jun 22 2012 12:10AM
Credit:	<br>Diego Bauche Madero
Vulnerable:	Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop version 4 Red Hat Fedora 16 Red Hat Fedora 15 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Pidgin Pidgin 2.10.0 Oracle Enterprise Linux 4 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Gentoo Linux

Not Vulnerable:

Security Discussion

Pidgin is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to perform denial-of-service attacks.

Pidgin 2.10.0 is affected. Other versions may also be vulnerable.

Proof of Concept and Security Exploits

Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: vuldb@securityfocus.com.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Mandriva Linux Mandrake 2010.1

Mandriva finch-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libfinch0-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libpurple-devel-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libpurple0-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-bonjour-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-client-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-gevolution-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-i18n-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-meanwhile-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-perl-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-plugins-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-silc-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-tcl-2.10.1-0.1mdv2010.2.i586.rpm
http://www.mandriva.com/en/downloads/

MandrakeSoft Enterprise Server 5 x86_64

Mandriva finch-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64finch0-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64purple-devel-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64purple0-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-bonjour-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-client-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-gevolution-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-i18n-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-meanwhile-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-perl-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-plugins-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-silc-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-tcl-2.10.1-0.1mdvmes5.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva Linux Mandrake 2011 x86_64

Mandriva finch-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64finch0-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64purple-devel-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64purple0-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-bonjour-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-client-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-gevolution-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-i18n-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-meanwhile-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-perl-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-plugins-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-silc-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-tcl-2.10.1-0.1-mdv2011.0.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva Linux Mandrake 2011

Mandriva finch-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libfinch0-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libpurple-devel-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libpurple0-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-bonjour-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-client-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-gevolution-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-i18n-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-meanwhile-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-perl-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-plugins-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-silc-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-tcl-2.10.1-0.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

MandrakeSoft Enterprise Server 5

Mandriva finch-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libfinch0-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libpurple-devel-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libpurple0-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-bonjour-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-client-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-gevolution-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-i18n-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-meanwhile-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-perl-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-plugins-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-silc-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-tcl-2.10.1-0.1mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva Linux Mandrake 2010.1 x86_64

Mandriva finch-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64finch0-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64purple-devel-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64purple0-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-bonjour-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-client-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-gevolution-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-i18n-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-meanwhile-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-perl-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-plugins-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-silc-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva pidgin-tcl-2.10.1-0.1mdv2010.2.x86_64.rpm
http://www.mandriva.com/en/downloads/

Security References(s)

References:

Heap memory corruption using g_markup_escape_text() without sanitizing first (Pidgin)
Pidgin Homepage (Pidgin)
Salvage incoming SILC text if necessary. Fixes #14636 (Pidgin)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services