Pidgin did not sanitize the output of the Base64 decode operation prior to its further processing. A remote attacker, valid Pidgin user, could use this flaw to cause:

a, NULL pointer dereference (pidgin daemon crash) by transferring a specially-crafted buddy icon via the Yahoo protocol plugin

b, NULL pointer dereference (pidgin daemon crash) by providing a specially-crafted IP address value for peer-to-peer connection in the Yahoo protocol plugin

c, NULL pointer dereference (pidgin daemon crash) by providing a specially-crafted transfer header in the MSN protocol plugin

d, NULL pointer dereference (pidgin daemon crash) by providing a specially-crafted login challenge value in the MySpace protocol plugin

e, NULL pointer dereference (pidgin daemon crash) by providing a specially-crafted Digest-MD5 authentication challenge in the XMPP protocol plugin
   Note: This crash can happen only when Cyrus SASL is not available or does not provide Digest-MD5 support

f, NULL pointer dereference (pidgin daemon crash) by providing a specially-crafted Type 2 message by authentication via the NTLM protocol

Acknowledgements:

Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Daniel Atallah as the original reporter.
These issues affect the versions of the pidgin package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.

These issues affect the versions of the pidgin package, as shipped with Fedora release of 12 and 13.
CVE identifier of CVE-2010-3711 has been assigned to these issues.
Public via:
[1] http://pidgin.im/news/security/?id=48

Upstream changeset:
[2] http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc
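The bug class described in the report above, shown as an added example that is not Pidgin's code and not part of the original report: a decoder that returns NULL on malformed Base64, and a caller that rejects the message instead of dereferencing the result. The names `b64_decode` and `handle_peer_field` are hypothetical, and the sample inputs are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed decoder (hypothetical, not libpurple's): returns a malloc'd,
 * NUL-terminated buffer, or NULL when the input is empty or malformed. */
static int b64_val(unsigned char c) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

unsigned char *b64_decode(const char *s, size_t *out_len) {
    size_t n = strlen(s), pad = 0, o = 0;
    *out_len = 0;
    if (n == 0 || n % 4 != 0) return NULL;
    if (s[n - 1] == '=') pad++;
    if (s[n - 2] == '=') pad++;
    unsigned char *out = malloc(n / 4 * 3 + 1);
    if (!out) return NULL;
    for (size_t i = 0; i < n; i += 4) {
        unsigned v = 0;
        for (size_t j = 0; j < 4; j++) {
            /* Trailing '=' count as zero bits; '=' anywhere else is invalid. */
            int d = (i + j >= n - pad) ? 0 : b64_val((unsigned char)s[i + j]);
            if (d < 0) { free(out); return NULL; }
            v = (v << 6) | (unsigned)d;
        }
        out[o++] = (unsigned char)(v >> 16);
        out[o++] = (unsigned char)((v >> 8) & 0xff);
        out[o++] = (unsigned char)(v & 0xff);
    }
    *out_len = o - pad;
    out[*out_len] = '\0';
    return out;
}

/* Hypothetical handler for a Base64 field received from a peer. The unchecked
 * pattern passes the decoder's result straight to strlen() or memcpy(); here a
 * NULL, empty or oversized result rejects the message. */
int handle_peer_field(const char *b64, char *dst, size_t dst_sz) {
    size_t len = 0;
    unsigned char *raw = b64 ? b64_decode(b64, &len) : NULL;
    if (raw == NULL || len == 0 || len >= dst_sz) {
        free(raw);              /* free(NULL) is a no-op */
        return -1;
    }
    memcpy(dst, raw, len);
    dst[len] = '\0';
    free(raw);
    return 0;
}
```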
Created pidgin tracking bugs for this issue

Affects: fedora-all [bug 645297]
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0788 https://rhn.redhat.com/errata/RHSA-2010-0788.html
Am I correct that only f12 and f13 need patched, and f14 and f15 will be fixed by rebasing to Pidgin 2.7.4?
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0890 https://rhn.redhat.com/errata/RHSA-2010-0890.html