漏洞信息详情
Pidgin MSN协议文件名处理拒绝服务漏洞
- CNNVD编号:CNNVD-200807-110
- 危害等级: 高危
- CVE编号: CVE-2008-2927
- 漏洞类型: 数字错误
- 发布时间: 2008-06-26
- 威胁类型: 远程
- 更新时间: 2009-06-09
- 厂 商: adium
- 漏洞来源: Juan Pablo Lopez Y...
漏洞简介
Pidgin是一款跨平台的实时通信客户端,它支持多个常用的实时通信协议,用户可用同一个软件登录不同的实时通信服务。 Pidgin的libpurple/protocols/msnp9/slplink.c文件中的msn_slplink_process_msg()函数在处理MSN P2P文件传输请求时存在使用后释放漏洞,如果用户受骗接收了带有特制文件名的文件的话,就会引用之前已经释放的内存,导致拒绝服务。
漏洞公告
目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://pidgin.im/pidgin/home/
参考网址
来源: issues.rpath.com 链接:https://issues.rpath.com/browse/RPL-2647 来源: bugzilla.redhat.com 链接:https://bugzilla.redhat.com/show_bug.cgi?id=453764 来源: XF 名称: adium-msnprotocol-code-execution(44774) 链接:http://xforce.iss.net/xforce/xfdb/44774 来源: MISC 名称: http://www.zerodayinitiative.com/advisories/ZDI-08-054 链接:http://www.zerodayinitiative.com/advisories/ZDI-08-054 来源: SECTRACK 名称: 1020451 链接:http://www.securitytracker.com/id?1020451 来源: BID 名称: 29956 链接:http://www.securityfocus.com/bid/29956 来源: BUGTRAQ 名称: 20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability 链接:http://www.securityfocus.com/archive/1/archive/1/495818/100/0/threaded 来源: BUGTRAQ 名称: 20080806 rPSA-2008-0246-1 gaim 链接:http://www.securityfocus.com/archive/1/archive/1/495165/100/0/threaded 来源: BUGTRAQ 名称: 20080625 Pidgin 2.4.1 Vulnerability 链接:http://www.securityfocus.com/archive/1/493682 来源: REDHAT 名称: RHSA-2008:0584 链接:http://www.redhat.com/support/errata/RHSA-2008-0584.HTML 来源: www.pidgin.im 链接:http://www.pidgin.im/news/security/?id=25 来源: MLIST 名称: [oss-security] 20080703 Re: Re: CVE Request (pidgin) 链接:http://www.openwall.com/lists/oss-security/2008/07/04/1 来源: MLIST 名称: [oss-security] 20080704 Re: Re: CVE Request (pidgin) 链接:http://www.openwall.com/lists/oss-security/2008/07/03/6 来源: MANDRIVA 名称: MDVSA-2009:127 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:127 来源: MANDRIVA 名称: MDVSA-2008:143 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:143 来源: VUPEN 名称: ADV-2008-2032 链接:http://www.frsirt.com/english/advisories/2008/2032/references 来源: DEBIAN 名称: DSA-1610 链接:http://www.debian.org/security/2008/dsa-1610 来源: wiki.rpath.com 链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246 来源: SECUNIA 名称: 31642 链接:http://secunia.com/advisories/31642 来源: SECUNIA 名称: 31387 链接:http://secunia.com/advisories/31387 来源: SECUNIA 名称: 31105 链接:http://secunia.com/advisories/31105 来源: SECUNIA 名称: 31016 链接:http://secunia.com/advisories/31016 来源: SECUNIA 名称: 30971 链接:http://secunia.com/advisories/30971 来源: developer.pidgin.im 链接:http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c 来源: developer.pidgin.im 链接:http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c
受影响实体
- Adium Adium:1.0
- Adium Adium:1.0.1
- Adium Adium:1.0.2
- Adium Adium:1.0.3
- Adium Adium:1.0.5
补丁
暂无
评论