CVE-2009-1376

Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.

Múltiples desbordamientos de entero en las funciones msn_slplink_process_msg en el manejador del protocolo de MSN en (1) libpurple/protocols/msn/slplink.c y (2) libpurple/protocols/msnp9/slplink.c en Pidgin anterior a v2.5.6 en plataformas de 32 bits permite a atacantes remotos ejecutar código arbitrario a través de un mensaje mal formado con un valor de offset manipulado, que produce un desbordamiento de búfer. NOTA: Este hecho se produce por un arreglo incompleto de CVE-2008-2927.

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability.
The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.

*Credits: Loic VALBON

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-04-23 CVE Reserved
2009-05-24 CVE Published
2009-09-09 First Exploit
2024-06-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-189: Numeric Errors

CAPEC

References (28)

URL	Tag	Source
http://secunia.com/advisories/35188	Third Party Advisory
http://secunia.com/advisories/37071	Third Party Advisory
http://www.securityfocus.com/bid/35067	Vdb Entry
http://www.vupen.com/english/advisories/2009/1396	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50680	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/9615	2009-09-09

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=500493	2009-05-22

URL	Date	SRC
http://debian.org/security/2009/dsa-1805	2023-11-07
http://secunia.com/advisories/35194	2023-11-07
http://secunia.com/advisories/35202	2023-11-07
http://secunia.com/advisories/35215	2023-11-07
http://secunia.com/advisories/35294	2023-11-07
http://secunia.com/advisories/35329	2023-11-07
http://secunia.com/advisories/35330	2023-11-07
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:140	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173	2023-11-07
http://www.pidgin.im/news/security/?id=32	2023-11-07
http://www.redhat.com/support/errata/RHSA-2009-1059.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2009-1060.html	2023-11-07
http://www.ubuntu.com/usn/USN-781-1	2023-11-07
http://www.ubuntu.com/usn/USN-781-2	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html	2023-11-07
https://access.redhat.com/security/cve/CVE-2009-1376	2009-05-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				<= 2.5.5 Search vendor "Pidgin" for product "Pidgin" and version " <= 2.5.5"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.4.0 Search vendor "Pidgin" for product "Pidgin" and version "2.4.0"		32_bit		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.4.1 Search vendor "Pidgin" for product "Pidgin" and version "2.4.1"		32_bit		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.4.2 Search vendor "Pidgin" for product "Pidgin" and version "2.4.2"		32_bit		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.4.3 Search vendor "Pidgin" for product "Pidgin" and version "2.4.3"		32_bit		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.5.0 Search vendor "Pidgin" for product "Pidgin" and version "2.5.0"		32_bit		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.5.2 Search vendor "Pidgin" for product "Pidgin" and version "2.5.2"		32_bit		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.5.3 Search vendor "Pidgin" for product "Pidgin" and version "2.5.3"		32_bit		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.5.4 Search vendor "Pidgin" for product "Pidgin" and version "2.5.4"		32_bit		Affected