NVD脆弱性詳細

CVE-2009-1373

概要	Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
公表日	2009年5月27日0:30
登録日	2021年1月29日13:17
最終更新日	2023年11月7日11:03

CVSS2.0 : HIGH
スコア	7.1
ベクター	AV:N/AC:H/Au:S/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	単一
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:pidgin:pidgin:2.1.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.5.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.5.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.0.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.4.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.5.4:::::::*
cpe:2.3:a:pidgin:pidgin:2.2.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.1.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.3.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.4.3:::::::*
cpe:2.3:a:pidgin:pidgin:2.0.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.0.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.0.2::linux:::::
cpe:2.3:a:pidgin:pidgin:2.3.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.4.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.4.0:::::::*
cpe:2.3:a:pidgin:pidgin::::::::		2.5.5
cpe:2.3:a:pidgin:pidgin:2.5.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.2.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.2.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.5.3:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://www.redhat.com/support/errata/RHSA-2009-1059.html	REDHAT
2	http://www.securityfocus.com/bid/35067	BID	Patch
3	https://bugzilla.redhat.com/show_bug.cgi?id=500488	CONFIRM
4	http://secunia.com/advisories/35202	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/35194	SECUNIA	Vendor Advisory
6	http://www.pidgin.im/news/security/?id=29	CONFIRM	Patch Vendor Advisory
7	http://www.redhat.com/support/errata/RHSA-2009-1060.html	REDHAT
8	http://secunia.com/advisories/35215	SECUNIA
9	http://debian.org/security/2009/dsa-1805	DEBIAN
10	http://www.vupen.com/english/advisories/2009/1396	VUPEN
11	http://secunia.com/advisories/35188	SECUNIA
12	http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml	GENTOO
13	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html	FEDORA
14	http://www.ubuntu.com/usn/USN-781-1	UBUNTU
15	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html	FEDORA
16	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html	FEDORA
17	http://www.ubuntu.com/usn/USN-781-2	UBUNTU
18	http://secunia.com/advisories/35294	SECUNIA
19	http://secunia.com/advisories/35330	SECUNIA
20	http://secunia.com/advisories/35329	SECUNIA
21	http://www.mandriva.com/security/advisories?name=MDVSA-2009:140	MANDRIVA
22	http://www.mandriva.com/security/advisories?name=MDVSA-2009:173	MANDRIVA
23	https://exchange.xforce.ibmcloud.com/vulnerabilities/50682	XF
24	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005	OVAL
25	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722	OVAL

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

構成1	以上	以下	より上	未満
cpe:2.3:a:pidgin:pidgin:2.1.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.5.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.5.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.0.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.4.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.5.4:::::::*
cpe:2.3:a:pidgin:pidgin:2.2.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.1.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.3.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.4.3:::::::*
cpe:2.3:a:pidgin:pidgin:2.0.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.0.2:::::::*
cpe:2.3:a:pidgin:pidgin:2.0.2::linux:::::
cpe:2.3:a:pidgin:pidgin:2.3.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.4.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.4.0:::::::*
cpe:2.3:a:pidgin:pidgin::::::::		2.5.5
cpe:2.3:a:pidgin:pidgin:2.5.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.2.0:::::::*
cpe:2.3:a:pidgin:pidgin:2.2.1:::::::*
cpe:2.3:a:pidgin:pidgin:2.5.3:::::::*