CVE-2010-0013

Pidgin MSN 2.6.4 - File Download

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

Vulnerabilidad de salto de directorio en slp.c en el complemento del protocolo MSN en libpurple en Pidgin v2.6.4 y Adium v1.3.8 permite a atacantes remotos leer ficheros de su elección a través de un .. (punto punto) en una petición emoticono MSN application/x-msnmsgrp2p (también conocido como emoticono personalizado), un caso relaciona con CVE-2004-0122. Se podría decir que es el resultado de una vulnerabilidad en ña que un emoticono descarga peticiones es procesado incluso sin un mensaje que preceda text/x-mms-emoticon que anunció la disponibilidad del emoticono.

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.5, which is not vulnerable to these issues.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-12-14 CVE Reserved
2010-01-09 CVE Published
2010-01-19 First Exploit
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (24)

URL	Tag	Source
http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467	Broken Link
http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f	Broken Link
http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810	Broken Link
http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c	Broken Link
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html	Product
http://secunia.com/advisories/37961	Broken Link
http://secunia.com/advisories/38915	Broken Link
http://www.openwall.com/lists/oss-security/2010/01/07/1	Mailing List
http://www.openwall.com/lists/oss-security/2010/01/07/2	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620	Broken Link

URL	Date	SRC
https://packetstorm.news/files/id/85413	2010-01-20
https://www.exploit-db.com/exploits/11203	2010-01-19

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2010/01/02/1	2024-01-26
https://bugzilla.redhat.com/show_bug.cgi?id=552483	2010-01-14

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html	2024-01-26
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html	2024-01-26
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html	2024-01-26
http://secunia.com/advisories/37953	2024-01-26
http://secunia.com/advisories/37954	2024-01-26
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1	2024-01-26
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1	2024-01-26
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085	2024-01-26
https://access.redhat.com/security/cve/CVE-2010-0013	2010-01-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Adium Search vendor "Adium"		Adium Search vendor "Adium" for product "Adium"				1.3.8 Search vendor "Adium" for product "Adium" and version "1.3.8"		-		Affected
Pidgin Search vendor "Pidgin"		Pidgin Search vendor "Pidgin" for product "Pidgin"				2.6.4 Search vendor "Pidgin" for product "Pidgin" and version "2.6.4"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				11 Search vendor "Fedoraproject" for product "Fedora" and version "11"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				12 Search vendor "Fedoraproject" for product "Fedora" and version "12"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				>= 11.0 <= 11.2 Search vendor "Opensuse" for product "Opensuse" and version " >= 11.0 <= 11.2"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Search vendor "Suse" for product "Linux Enterprise"				11.0 Search vendor "Suse" for product "Linux Enterprise" and version "11.0"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10"		sp2		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10"		sp3		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				4.0 Search vendor "Redhat" for product "Enterprise Linux" and version "4.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"		-		Affected