CVE-2010-0013

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
References
Link Resource
http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 Broken Link
http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f Broken Link
http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 Broken Link
http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c Broken Link
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html Product
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html Mailing List
http://secunia.com/advisories/37953 Broken Link Vendor Advisory
http://secunia.com/advisories/37954 Broken Link Vendor Advisory
http://secunia.com/advisories/37961 Broken Link
http://secunia.com/advisories/38915 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 Broken Link
http://www.openwall.com/lists/oss-security/2010/01/02/1 Mailing List Patch
http://www.openwall.com/lists/oss-security/2010/01/07/1 Mailing List
http://www.openwall.com/lists/oss-security/2010/01/07/2 Mailing List
http://www.vupen.com/english/advisories/2009/3662 Permissions Required Vendor Advisory
http://www.vupen.com/english/advisories/2009/3663 Permissions Required Vendor Advisory
http://www.vupen.com/english/advisories/2010/1020 Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=552483 Issue Tracking Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 Broken Link
Configurations

Configuration 1

OR cpe:2.3:a:adium:adium:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*

Configuration 4

OR cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:11

Type Values Removed Values Added
References () http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 - Broken Link () http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 - Broken Link
References () http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f - Broken Link () http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f - Broken Link
References () http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 - Broken Link () http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 - Broken Link
References () http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c - Broken Link () http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c - Broken Link
References () http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html - Product () http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html - Product
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html - Mailing List () http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html - Mailing List
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html - Mailing List () http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html - Mailing List
References () http://secunia.com/advisories/37953 - Broken Link, Vendor Advisory () http://secunia.com/advisories/37953 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/37954 - Broken Link, Vendor Advisory () http://secunia.com/advisories/37954 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/37961 - Broken Link () http://secunia.com/advisories/37961 - Broken Link
References () http://secunia.com/advisories/38915 - Broken Link () http://secunia.com/advisories/38915 - Broken Link
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 - Broken Link () http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 - Broken Link
References () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 - Broken Link () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 - Broken Link
References () http://www.openwall.com/lists/oss-security/2010/01/02/1 - Mailing List, Patch () http://www.openwall.com/lists/oss-security/2010/01/02/1 - Mailing List, Patch
References () http://www.openwall.com/lists/oss-security/2010/01/07/1 - Mailing List () http://www.openwall.com/lists/oss-security/2010/01/07/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2010/01/07/2 - Mailing List () http://www.openwall.com/lists/oss-security/2010/01/07/2 - Mailing List
References () http://www.vupen.com/english/advisories/2009/3662 - Permissions Required, Vendor Advisory () http://www.vupen.com/english/advisories/2009/3662 - Permissions Required, Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/3663 - Permissions Required, Vendor Advisory () http://www.vupen.com/english/advisories/2009/3663 - Permissions Required, Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/1020 - Permissions Required () http://www.vupen.com/english/advisories/2010/1020 - Permissions Required
References () https://bugzilla.redhat.com/show_bug.cgi?id=552483 - Issue Tracking, Patch () https://bugzilla.redhat.com/show_bug.cgi?id=552483 - Issue Tracking, Patch
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 - Broken Link

26 Jan 2024, 17:47

Type Values Removed Values Added
References (SECUNIA) http://secunia.com/advisories/37961 - (SECUNIA) http://secunia.com/advisories/37961 - Broken Link
References (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 - (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 - Broken Link
References (SECUNIA) http://secunia.com/advisories/38915 - (SECUNIA) http://secunia.com/advisories/38915 - Broken Link
References (SECUNIA) http://secunia.com/advisories/37954 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/37954 - Broken Link, Vendor Advisory
References (MISC) http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f - (MISC) http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f - Broken Link
References (MISC) http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html - (MISC) http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html - Product
References (SECUNIA) http://secunia.com/advisories/37953 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/37953 - Broken Link, Vendor Advisory
References (MISC) http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 - (MISC) http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 - Broken Link
References (MLIST) http://www.openwall.com/lists/oss-security/2010/01/07/1 - (MLIST) http://www.openwall.com/lists/oss-security/2010/01/07/1 - Mailing List
References (CONFIRM) http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 - (CONFIRM) http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 - Broken Link
References (MLIST) http://www.openwall.com/lists/oss-security/2010/01/07/2 - (MLIST) http://www.openwall.com/lists/oss-security/2010/01/07/2 - Mailing List
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=552483 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=552483 - Issue Tracking, Patch
References (CONFIRM) http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c - (CONFIRM) http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c - Broken Link
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html - (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html - Mailing List
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html - Mailing List
References (VUPEN) http://www.vupen.com/english/advisories/2009/3663 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2009/3663 - Permissions Required, Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2010/01/02/1 - (MLIST) http://www.openwall.com/lists/oss-security/2010/01/02/1 - Mailing List, Patch
References (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 - (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2009/3662 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2009/3662 - Permissions Required, Vendor Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2010/1020 - (VUPEN) http://www.vupen.com/english/advisories/2010/1020 - Permissions Required
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html - (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html - Mailing List
CPE cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.5
First Time Suse
Suse linux Enterprise Server
Opensuse
Fedoraproject
Fedoraproject fedora
Redhat enterprise Linux
Suse linux Enterprise
Redhat
Opensuse opensuse

07 Nov 2023, 02:04

Type Values Removed Values Added
Summary Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

Information

Published : 2010-01-09 18:30

Updated : 2024-11-21 01:11


NVD link : CVE-2010-0013

Mitre link : CVE-2010-0013

CVE.ORG link : CVE-2010-0013


Products Affected

opensuse

  • opensuse

redhat

  • enterprise_linux

suse

  • linux_enterprise_server
  • linux_enterprise

pidgin

  • pidgin

adium

  • adium

fedoraproject

  • fedora
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')