.:[ packet storm ]:.
                         
beyond paranoid

File Name: USN-675-1.txt
Description:
Ubuntu Security Notice USN-675-1 - It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service.

It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion.

It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login.

Homepage: http://security.ubuntu.com/
File Size: 11191
Related CVE(s): CVE-2008-2927, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532
Last Modified: Nov 24 14:24:31 2008
MD5 Checksum: 0098420282844427f88f652caa74059f
