Oval Definition:oval:org.mitre.oval:def:11070
Revision Date:2013-04-29
Version:12
Title:protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
Description:protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2009-3026
Platform(s):CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL4, CentOS4, Oracle Linux 4
    • RHEL4, CentOS4 or Oracle Linux 4
      • The operating system installed on the system is Red Hat Enterprise Linux 4
      • OR CentOS Linux 4.x
      • OR Oracle Linux 4.x
    • AND Configuration section
      • finch-devel is earlier than 0:2.6.2-2.el4
      • OR libpurple is earlier than 0:2.6.2-2.el4
      • OR libpurple-perl is earlier than 0:2.6.2-2.el4
      • OR libpurple-tcl is earlier than 0:2.6.2-2.el4
      • OR pidgin-devel is earlier than 0:2.6.2-2.el4
      • OR libpurple-devel is earlier than 0:2.6.2-2.el4
      • OR finch is earlier than 0:2.6.2-2.el4
      • OR pidgin-perl is earlier than 0:2.6.2-2.el4
      • OR pidgin is earlier than 0:2.6.2-2.el4
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
    • RHEL5, CentOS5 or Oracle Linux 5
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
      • OR Oracle Linux 5.x
    • AND Configuration section
      • finch-devel is earlier than 0:2.6.2-2.el5
      • OR libpurple is earlier than 0:2.6.2-2.el5
      • OR libpurple-perl is earlier than 0:2.6.2-2.el5
      • OR libpurple-tcl is earlier than 0:2.6.2-2.el5
      • OR pidgin-devel is earlier than 0:2.6.2-2.el5
      • OR libpurple-devel is earlier than 0:2.6.2-2.el5
      • OR finch is earlier than 0:2.6.2-2.el5
      • OR pidgin-perl is earlier than 0:2.6.2-2.el5
      • OR pidgin is earlier than 0:2.6.2-2.el5