Secunia
Login
|
|
CVE Reference: CVE-2009-2694 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2009-2694 |
|
|
Description: The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. |
|
|
CVE Status: Candidate |
|
|
References: SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 SAID Secunia Advisory: SA36392 Secunia Advisory: SA36401 Secunia Advisory: SA36384 Secunia Advisory: SA36402 Secunia Advisory: SA36708 Secunia Advisory: SA37071 REDHAT OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6320 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10319 MISC http://www.coresecurity.com/content/libpurple-arbitrary-write EXPLOIT-DB http://www.exploit-db.com/exploits/9615 DEBIAN http://www.debian.org/security/2009/dsa-1870 CONFIRM http://www.pidgin.im/news/security/?id=34 http://developer.pidgin.im/wiki/ChangeLog http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e |
|
| Return to the previous page. |
