Oval Definition:oval:org.mitre.oval:def:10333
Revision Date:2013-04-29Version:12
Title:Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Description:Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-0013
Platform(s):CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • finch-devel is earlier than 0:2.6.5-1.el4.1
  • OR libpurple is earlier than 0:2.6.5-1.el4.1
  • OR libpurple-perl is earlier than 0:2.6.5-1.el4.1
  • OR libpurple-tcl is earlier than 0:2.6.5-1.el4.1
  • OR pidgin-devel is earlier than 0:2.6.5-1.el4.1
  • OR libpurple-devel is earlier than 0:2.6.5-1.el4.1
  • OR finch is earlier than 0:2.6.5-1.el4.1
  • OR pidgin-perl is earlier than 0:2.6.5-1.el4.1
  • OR pidgin is earlier than 0:2.6.5-1.el4.1
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
  • RHEL5, CentOS5 or Oracle Linux 5
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • OR Oracle Linux 5.x
  • AND Configuration section
  • finch-devel is earlier than 0:2.6.5-1.el5
  • OR libpurple is earlier than 0:2.6.5-1.el5
  • OR libpurple-perl is earlier than 0:2.6.5-1.el5
  • OR libpurple-tcl is earlier than 0:2.6.5-1.el5
  • OR pidgin-devel is earlier than 0:2.6.5-1.el5
  • OR libpurple-devel is earlier than 0:2.6.5-1.el5
  • OR finch is earlier than 0:2.6.5-1.el5
  • OR pidgin-perl is earlier than 0:2.6.5-1.el5
  • OR pidgin is earlier than 0:2.6.5-1.el5
    • BACK