FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-0277

This CVE name corresponds to:

Entered Topic
2010-04-20 pidgin -- multiple remote denial of service vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-0277
Phase Assigned (20100109)

Description

slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.

References

Source Reference
MLIST [oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload
MISC http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
CONFIRM http://developer.pidgin.im/wiki/ChangeLog
CONFIRM http://pidgin.im/news/security/?id=43
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=554335
CONFIRM http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn
FEDORA FEDORA-2010-1279
FEDORA FEDORA-2010-1383
FEDORA FEDORA-2010-1934
MANDRIVA MDVSA-2010:041
MANDRIVA MDVSA-2010:085
REDHAT RHSA-2010:0115
SUSE SUSE-SR:2010:006
UBUNTU USN-902-1
BID 38294
OVAL oval:org.mitre.oval:def:9421
OVAL oval:org.mitre.oval:def:18348
SECUNIA 38563
SECUNIA 38640
SECUNIA 38658
SECUNIA 38712
SECUNIA 38915
SECUNIA 41868
VUPEN ADV-2010-0413
VUPEN ADV-2010-1020
VUPEN ADV-2010-2693