FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pidgin -- MSN overflow parsing SLP messages

Affected packages
finch < 2.5.9
libpurple < 2.5.9
pidgin < 2.5.9

Details

VuXML ID 59e7af2d-8db7-11de-883b-001e3300a30d
Discovery 2009-08-18
Entry 2009-08-20

Secunia reports:

A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error in the "msn_slplink_process_msg()" function when processing MSN SLP messages and can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 2.5.8 and prior. Other versions may also be affected.

References

CVE Name CVE-2009-2694
URL http://secunia.com/advisories/36384/
URL http://www.pidgin.im/news/security/?id=34