fkie_nvd - fkie_cve-2008-2927

FKIE_CVE-2008-2927

Vulnerability from fkie_nvd - Published: 2008-07-07 23:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.

References

URL	Tags
secalert@redhat.com	http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c
secalert@redhat.com	http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c
secalert@redhat.com	http://secunia.com/advisories/30971	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/31016	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/31105	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/31387	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/31642	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32859
secalert@redhat.com	http://secunia.com/advisories/32861
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246
secalert@redhat.com	http://www.debian.org/security/2008/dsa-1610
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:143
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:127
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/07/03/6
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/07/04/1
secalert@redhat.com	http://www.pidgin.im/news/security/?id=25
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0584.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/493682
secalert@redhat.com	http://www.securityfocus.com/archive/1/495165/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/495818/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/29956
secalert@redhat.com	http://www.securitytracker.com/id?1020451
secalert@redhat.com	http://www.ubuntu.com/usn/USN-675-1
secalert@redhat.com	http://www.ubuntu.com/usn/USN-675-2
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2032/references	Vendor Advisory
secalert@redhat.com	http://www.zerodayinitiative.com/advisories/ZDI-08-054
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=453764
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/44774
secalert@redhat.com	https://issues.rpath.com/browse/RPL-2647
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972
af854a3a-2127-422b-91ae-364da2661108	http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c
af854a3a-2127-422b-91ae-364da2661108	http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30971	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31016	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31105	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31387	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31642	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32859
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32861
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1610
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:143
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:127
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/03/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/07/04/1
af854a3a-2127-422b-91ae-364da2661108	http://www.pidgin.im/news/security/?id=25
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0584.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/493682
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495165/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495818/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29956
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020451
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-675-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-675-2
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2032/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-08-054
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=453764
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44774
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-2647
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972

Impacted products

Vendor	Product	Version
pidgin	pidgin	*
pidgin	pidgin	2.0.0
pidgin	pidgin	2.0.1
pidgin	pidgin	2.0.2
pidgin	pidgin	2.1.0
pidgin	pidgin	2.1.1
pidgin	pidgin	2.2.0
pidgin	pidgin	2.2.1
pidgin	pidgin	2.2.2
pidgin	pidgin	2.3.0
pidgin	pidgin	2.3.1
pidgin	pidgin	2.4.0
pidgin	pidgin	2.4.1
adium	adium	*
adium	adium	1.0
adium	adium	1.0.1
adium	adium	1.0.2
adium	adium	1.0.3
adium	adium	1.0.4
adium	adium	1.0.5
adium	adium	1.1
adium	adium	1.1.1
adium	adium	1.1.2
adium	adium	1.1.3
adium	adium	1.1.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E488E097-EF23-40A0-AF31-489F318D1405",
              "versionEndIncluding": "2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC2EBF3-73A7-4542-8E9C-47A4241A224C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF62072D-4956-4FE6-931E-E6EE9C49F3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499D8D5-0801-498C-BD4D-508506918CEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CC76CD-FF35-4B3A-9F1E-4E5A65963057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F694A1FC-2F10-48F9-8E8D-C88A8E7397AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D22A117-78BE-4BAC-8A2A-6C00C9E3A4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E216BC-29E4-4C31-9CF0-DE22C2E84968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BD203F7-B983-4FDD-9837-D68D4F388A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90B7CB-1A11-45A8-B0BC-9B2143D84A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8E3CBA-2B33-49EF-9105-8DDBB938F519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AA3282-CA7D-438C-A07C-A63392333630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEEFF420-2868-422B-BD22-9A5749C2398F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A4013B-81F3-4AB0-8AB9-0A473A2AAD45",
              "versionEndIncluding": "1.2.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D44D7E-116F-488C-8566-F7EA78C847FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8857D0-14C2-49F6-AE8F-287792895776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56022448-6CEE-4DE9-BC5D-F3F401470257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D4A6BA-AB30-4EFA-BF5E-9212CBF6B141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33448B4-31F3-434F-96D4-934D65BF65FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8C3F99-1E0C-4FDB-8E76-46CF6CBBA7B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7B851E0-5D86-4D7F-A1AD-903ADA6A2C52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B6DEA45-1C3C-432E-9746-F1C548C8E8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE2A0AA-BD45-4A8B-BB3C-D69BFDC7E363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D6A1C31-EA56-406F-AE65-10F838E4292B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adium:adium:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7223E59A-FA39-4D8A-A48D-1ACCF0454703",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamiento de enteros en las funciones msn_slplink_process_msg en el manejador de protocolo MSN en los archivos (1) libpurple/protocols/msn/slplink.c y (2) libpurple/protocols/msnp9/slplink.c en Pidgin anterior a versi\u00f3n 2.4.3 y Adium anterior a versi\u00f3n 1.3, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un mensaje SLP malformado con un valor de desplazamiento dise\u00f1ado, una vulnerabilidad diferente de CVE-2008-2955."
    }
  ],
  "id": "CVE-2008-2927",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-07-07T23:41:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30971"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31016"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31105"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31387"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31642"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32859"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32861"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1610"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/03/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/04/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.pidgin.im/news/security/?id=25"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/493682"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/29956"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1020451"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-675-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-675-2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2032/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-2647"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1610"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/03/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/07/04/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.pidgin.im/news/security/?id=25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-675-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-675-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2032/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-2927 (GCVE-0-2008-2927)

Vulnerability from cvelistv5 – Published: 2008-07-07 23:00 – Updated: 2024-08-07 09:21

Summary

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.ubuntu.com/usn/USN-675-2	vendor-advisoryx_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2008/07/04/1	mailing-listx_refsource_MLIST
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	http://developer.pidgin.im/viewmtn/revision/diff/…	x_refsource_CONFIRM
	http://secunia.com/advisories/32861	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1020451	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/30971	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://developer.pidgin.im/viewmtn/revision/diff/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/29956	vdb-entryx_refsource_BID
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246	x_refsource_CONFIRM
	https://issues.rpath.com/browse/RPL-2647	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.openwall.com/lists/oss-security/2008/07/03/6	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/31105	third-party-advisoryx_refsource_SECUNIA
	http://www.pidgin.im/news/security/?id=25	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-675-1	vendor-advisoryx_refsource_UBUNTU
	http://www.zerodayinitiative.com/advisories/ZDI-08-054	x_refsource_MISC
	http://secunia.com/advisories/31642	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32859	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31387	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1610	vendor-advisoryx_refsource_DEBIAN
	https://bugzilla.redhat.com/show_bug.cgi?id=453764	x_refsource_CONFIRM
	http://secunia.com/advisories/31016	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/495818/100…	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2008/2032…	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/493682	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/495165/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-675-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-675-2"
          },
          {
            "name": "[oss-security] 20080703 Re: Re: CVE Request (pidgin)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/04/1"
          },
          {
            "name": "RHSA-2008:0584",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c"
          },
          {
            "name": "32861",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32861"
          },
          {
            "name": "1020451",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020451"
          },
          {
            "name": "30971",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30971"
          },
          {
            "name": "oval:org.mitre.oval:def:11695",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c"
          },
          {
            "name": "29956",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29956"
          },
          {
            "name": "MDVSA-2008:143",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143"
          },
          {
            "name": "oval:org.mitre.oval:def:17972",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2647"
          },
          {
            "name": "MDVSA-2009:127",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127"
          },
          {
            "name": "[oss-security] 20080704 Re: Re: CVE Request (pidgin)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/07/03/6"
          },
          {
            "name": "31105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31105"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.pidgin.im/news/security/?id=25"
          },
          {
            "name": "USN-675-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-675-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054"
          },
          {
            "name": "31642",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31642"
          },
          {
            "name": "32859",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32859"
          },
          {
            "name": "31387",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31387"
          },
          {
            "name": "DSA-1610",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1610"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764"
          },
          {
            "name": "31016",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31016"
          },
          {
            "name": "20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded"
          },
          {
            "name": "adium-msnprotocol-code-execution(44774)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774"
          },
          {
            "name": "ADV-2008-2032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2032/references"
          },
          {
            "name": "20080625 Pidgin 2.4.1 Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493682"
          },
          {
            "name": "20080806 rPSA-2008-0246-1 gaim",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-675-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-675-2"
        },
        {
          "name": "[oss-security] 20080703 Re: Re: CVE Request (pidgin)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/04/1"
        },
        {
          "name": "RHSA-2008:0584",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0584.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c"
        },
        {
          "name": "32861",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32861"
        },
        {
          "name": "1020451",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020451"
        },
        {
          "name": "30971",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30971"
        },
        {
          "name": "oval:org.mitre.oval:def:11695",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c"
        },
        {
          "name": "29956",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29956"
        },
        {
          "name": "MDVSA-2008:143",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:143"
        },
        {
          "name": "oval:org.mitre.oval:def:17972",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2647"
        },
        {
          "name": "MDVSA-2009:127",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:127"
        },
        {
          "name": "[oss-security] 20080704 Re: Re: CVE Request (pidgin)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/07/03/6"
        },
        {
          "name": "31105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31105"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.pidgin.im/news/security/?id=25"
        },
        {
          "name": "USN-675-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-675-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-054"
        },
        {
          "name": "31642",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31642"
        },
        {
          "name": "32859",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32859"
        },
        {
          "name": "31387",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31387"
        },
        {
          "name": "DSA-1610",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1610"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=453764"
        },
        {
          "name": "31016",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31016"
        },
        {
          "name": "20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495818/100/0/threaded"
        },
        {
          "name": "adium-msnprotocol-code-execution(44774)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44774"
        },
        {
          "name": "ADV-2008-2032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2032/references"
        },
        {
          "name": "20080625 Pidgin 2.4.1 Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493682"
        },
        {
          "name": "20080806 rPSA-2008-0246-1 gaim",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-2927",
    "datePublished": "2008-07-07T23:00:00",
    "dateReserved": "2008-06-30T00:00:00",
    "dateUpdated": "2024-08-07T09:21:34.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2008-2927

CVE-2008-2927 (GCVE-0-2008-2927)

Tags

Sightings

Nomenclature