FKIE_CVE-2009-1373

Vulnerability from fkie_nvd - Published: 2009-05-26 15:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
References
secalert@redhat.comhttp://debian.org/security/2009/dsa-1805
secalert@redhat.comhttp://secunia.com/advisories/35188
secalert@redhat.comhttp://secunia.com/advisories/35194Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/35202Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/35215
secalert@redhat.comhttp://secunia.com/advisories/35294
secalert@redhat.comhttp://secunia.com/advisories/35329
secalert@redhat.comhttp://secunia.com/advisories/35330
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:140
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:173
secalert@redhat.comhttp://www.pidgin.im/news/security/?id=29Patch, Vendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2009-1059.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2009-1060.html
secalert@redhat.comhttp://www.securityfocus.com/bid/35067Patch
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-781-1
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-781-2
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/1396
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=500488
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50682
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
af854a3a-2127-422b-91ae-364da2661108http://debian.org/security/2009/dsa-1805
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35188
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35194Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35202Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35215
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35294
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35329
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35330
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
af854a3a-2127-422b-91ae-364da2661108http://www.pidgin.im/news/security/?id=29Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1059.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1060.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/35067Patch
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-781-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-781-2
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1396
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=500488
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
Impacted products
Vendor Product Version
pidgin pidgin *
pidgin pidgin 2.0.0
pidgin pidgin 2.0.1
pidgin pidgin 2.0.2
pidgin pidgin 2.0.2
pidgin pidgin 2.1.0
pidgin pidgin 2.1.1
pidgin pidgin 2.2.0
pidgin pidgin 2.2.1
pidgin pidgin 2.2.2
pidgin pidgin 2.3.0
pidgin pidgin 2.3.1
pidgin pidgin 2.4.0
pidgin pidgin 2.4.1
pidgin pidgin 2.4.2
pidgin pidgin 2.4.3
pidgin pidgin 2.5.0
pidgin pidgin 2.5.1
pidgin pidgin 2.5.2
pidgin pidgin 2.5.3
pidgin pidgin 2.5.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FC23273-E322-40E0-AD26-2F272EB5E7A1",
              "versionEndIncluding": "2.5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*",
              "matchCriteriaId": "5C5B2A50-6734-4B64-AFD0-DB34C3BDA86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B139D83D-7D18-42C7-988C-2070B66CB943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "047D9636-BCCE-4956-B5A3-D276F1C2EF2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A8A794E-E1CB-4F0F-9739-D625E94EA566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64EEEA0-89CE-46BD-B387-A96521E76A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E96AA3-B567-4E97-979A-D97A4F786D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C407C0-99A2-477B-87CF-6BE9F7B367E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEF0457-39D8-465B-86A7-8DFA44A1F820",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en XMPP SOCKS5 bytestream server en Pidgin anteriores a v2.5.6 permite a usuarios remotos autenticados ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de vectores que incluyen una transferencia de fichero saliente XMPP. NOTA: Algunos de los detalles fueron obtenidos de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2009-1373",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-26T15:30:05.187",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://debian.org/security/2009/dsa-1805"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35188"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35194"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35202"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35215"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35294"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35329"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35330"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.pidgin.im/news/security/?id=29"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35067"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-781-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-781-2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1396"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50682"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://debian.org/security/2009/dsa-1805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.pidgin.im/news/security/?id=29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-781-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-781-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.