CVE-2009-1376
CVE-2009-1376
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/9615não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://debian.org/security/2009/dsa-1805https://bugzilla.redhat.com/show_bug.cgi?id=500493http://secunia.com/advisories/35188http://secunia.com/advisories/35194http://secunia.com/advisories/35202http://secunia.com/advisories/35215http://secunia.com/advisories/35294http://secunia.com/advisories/35329http://secunia.com/advisories/35330http://secunia.com/advisories/37071https://exchange.xforce.ibmcloud.com/vulnerabilities/50680https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476