CVE - CVE-2008-2927

CVE-ID
CVE-2008-2927	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080625 Pidgin 2.4.1 Vulnerability URL:http://www.securityfocus.com/archive/1/493682 BUGTRAQ:20080806 rPSA-2008-0246-1 gaim URL:http://www.securityfocus.com/archive/1/495165/100/0/threaded BUGTRAQ:20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/495818/100/0/threaded MLIST:[oss-security] 20080703 Re: Re: CVE Request (pidgin) URL:http://www.openwall.com/lists/oss-security/2008/07/04/1 MLIST:[oss-security] 20080704 Re: Re: CVE Request (pidgin) URL:http://www.openwall.com/lists/oss-security/2008/07/03/6 MISC:http://www.zerodayinitiative.com/advisories/ZDI-08-054 CONFIRM:http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c CONFIRM:http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=453764 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246 CONFIRM:https://issues.rpath.com/browse/RPL-2647 CONFIRM:http://www.pidgin.im/news/security/?id=25 DEBIAN:DSA-1610 URL:http://www.debian.org/security/2008/dsa-1610 MANDRIVA:MDVSA-2008:143 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:143 MANDRIVA:MDVSA-2009:127 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:127 REDHAT:RHSA-2008:0584 URL:http://www.redhat.com/support/errata/RHSA-2008-0584.html UBUNTU:USN-675-1 URL:http://www.ubuntu.com/usn/USN-675-1 UBUNTU:USN-675-2 URL:http://www.ubuntu.com/usn/USN-675-2 BID:29956 URL:http://www.securityfocus.com/bid/29956 OVAL:oval:org.mitre.oval:def:11695 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695 OVAL:oval:org.mitre.oval:def:17972 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972 SECUNIA:32859 URL:http://secunia.com/advisories/32859 SECUNIA:32861 URL:http://secunia.com/advisories/32861 VUPEN:ADV-2008-2032 URL:http://www.vupen.com/english/advisories/2008/2032/references SECTRACK:1020451 URL:http://www.securitytracker.com/id?1020451 SECUNIA:30971 URL:http://secunia.com/advisories/30971 SECUNIA:31016 URL:http://secunia.com/advisories/31016 SECUNIA:31105 URL:http://secunia.com/advisories/31105 SECUNIA:31387 URL:http://secunia.com/advisories/31387 SECUNIA:31642 URL:http://secunia.com/advisories/31642 XF:adium-msnprotocol-code-execution(44774) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44774
Assigning CNA
N/A
Date Entry Created
20080630	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080630)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.