Information Security


Multiple security vulnerabilities in Pidgin
Published: November 3, 2014
Source:
SecurityVulns ID: 14069
Type: remote
Severity: 6/10
Description: Insufficient certificate validation, DoS when parsing emoticons, DoS via Groupwise messages, information leak via XMPP.
Affected products: PIDGIN : Pidgin 2.10
CVE: CVE-2014-3698 (The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.)
 CVE-2014-3696 (nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.)
 CVE-2014-3695 (markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.)
 CVE-2014-3694 (The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
Original text: UBUNTU, [USN-2390-1] Pidgin vulnerabilities (03.11.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod