製品・ソフトウェアに関する情報

JVN脆弱性詳細

Pidgin の Yahoo! プロトコルプラグインにおけるサービス運用妨害 (DoS) の脆弱性

Title	Pidgin の Yahoo! プロトコルプラグインにおけるサービス運用妨害 (DoS) の脆弱性
Summary	Pidgin の libpurple 内にある、Yahoo! プロトコルプラグインの libymsg.c には、サービス運用妨害 (NULL ポインタデリファレンスおよびアプリケーションクラッシュ) 状態となる脆弱性が存在します。
Possible impacts	(1)リモート認証されたユーザにより、不正な形式の通知パケットを介して、サービス運用妨害 (NULL ポインタデリファレンスおよびアプリケーションクラッシュ) 状態にされる可能性があります。 (2)Yahoo! サーバにより、不正な形式の SMS メッセージを介して、サービス運用妨害 (NULL ポインタデリファレンスおよびアプリケーションクラッシュ) 状態にされる可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	March 10, 2011, midnight
Registration Date	June 1, 2011, 10:39 a.m.
Last Update	Sept. 28, 2012, 5:46 p.m.

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:L/Au:S/C:N/I:N/A:P

Affected System

レッドハット

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

オラクル

Oracle Solaris 10

Pidgin

Pidgin 2.7.10 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1091	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091
National Vulnerability Database (NVD)
2	CVE-2011-1091	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1091
SECURITY BLOG
3	CVE-2011-1091 Denial of Service Vulnerability in Pidgin	https://blogs.oracle.com/sunsecurity/entry/cve_2011_1091_denial_of

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Pidgin
1	Certificates	http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7
2	ChangeLog	http://developer.pidgin.im/wiki/ChangeLog
Red Hat Security Advisory
3	RHSA-2011:0616	https://rhn.redhat.com/errata/RHSA-2011-0616.html
SECURITY BLOG
4	Multiple vulnerabilities in Pidgin	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_pidgin1

その他

No	Name	URL
ISS X-Force Database
1	66055	http://xforce.iss.net/xforce/xfdb/66055
Secunia Advisory
2	SA43695	http://secunia.com/advisories/43695
SecurityFocus
3	46837	http://www.securityfocus.com/bid/46837

Change Log

No	Changed Details	Date of change
0	[2011年06月01日] 掲載 [2012年02月20日] 影響を受けるシステム：オラクル (CVE-2011-1091 Denial of Service Vulnerability in Pidgin) の情報を追加ベンダ情報：オラクル (CVE-2011-1091 Denial of Service Vulnerability in Pidgin) を追加 [2012年09月28日] ベンダ情報：オラクル (Multiple vulnerabilities in Pidgin) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-1091

Summary	libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.
Publication Date	March 15, 2011, 4:55 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:25 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:pidgin:pidgin:2.7.9:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.5:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.4:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.6:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.10:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.3:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.5:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.6:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.8:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.7:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.4:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c	Patch
2	http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7	Patch
3	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html
4	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html
5	http://secunia.com/advisories/43695	Vendor Advisory
6	http://secunia.com/advisories/43721
7	http://secunia.com/advisories/46376
8	http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884
9	http://www.pidgin.im/news/security/?id=51	Patch Vendor Advisory
10	http://www.redhat.com/support/errata/RHSA-2011-0616.html
11	http://www.redhat.com/support/errata/RHSA-2011-1371.html
12	http://www.securityfocus.com/bid/46837
13	http://www.vupen.com/english/advisories/2011/0643
14	http://www.vupen.com/english/advisories/2011/0661
15	http://www.vupen.com/english/advisories/2011/0669
16	http://www.vupen.com/english/advisories/2011/0703
17	https://bugzilla.redhat.com/show_bug.cgi?id=683031
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/66055
19	https://hermes.opensuse.org/messages/13195955
20	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402
21	http://developer.pidgin.im/viewmtn/revision/diff/5cbe18129b6e7c660bc093f7e5e1414ceca17d04/with/a7c415abba1f5f01f79295337518837f73d99bb7/libpurple/protocols/yahoo/libymsg.c	Patch
22	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402
23	https://hermes.opensuse.org/messages/13195955
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/66055
25	https://bugzilla.redhat.com/show_bug.cgi?id=683031
26	http://www.vupen.com/english/advisories/2011/0703
27	http://www.vupen.com/english/advisories/2011/0669
28	http://www.vupen.com/english/advisories/2011/0661
29	http://www.vupen.com/english/advisories/2011/0643
30	http://www.securityfocus.com/bid/46837
31	http://www.redhat.com/support/errata/RHSA-2011-1371.html
32	http://www.redhat.com/support/errata/RHSA-2011-0616.html
33	http://www.pidgin.im/news/security/?id=51	Patch Vendor Advisory
34	http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884
35	http://secunia.com/advisories/46376
36	http://secunia.com/advisories/43721
37	http://secunia.com/advisories/43695	Vendor Advisory
38	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html
39	http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html
40	http://developer.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7	Patch

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:pidgin:pidgin:2.7.9:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.5:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.4:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.6:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.10:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.3:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.5:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.6:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.8:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.7:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.6.4:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.7.1:::::::*