CVE-2010-0013

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-0013
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 Broken Link
http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f Broken Link
http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 Broken Link
http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c Broken Link
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html Product
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html Mailing List
http://secunia.com/advisories/37953 Broken Link Vendor Advisory
http://secunia.com/advisories/37954 Broken Link Vendor Advisory
http://secunia.com/advisories/37961 Broken Link
http://secunia.com/advisories/38915 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 Broken Link
http://www.openwall.com/lists/oss-security/2010/01/02/1 Mailing List Patch
http://www.openwall.com/lists/oss-security/2010/01/07/1 Mailing List
http://www.openwall.com/lists/oss-security/2010/01/07/2 Mailing List
http://www.vupen.com/english/advisories/2009/3662 Permissions Required Vendor Advisory
http://www.vupen.com/english/advisories/2009/3663 Permissions Required Vendor Advisory
http://www.vupen.com/english/advisories/2010/1020 Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=552483 Issue Tracking Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 Broken Link
http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 Broken Link
http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f Broken Link
http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 Broken Link
http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c Broken Link
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html Product
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html Mailing List
http://secunia.com/advisories/37953 Broken Link Vendor Advisory
http://secunia.com/advisories/37954 Broken Link Vendor Advisory
http://secunia.com/advisories/37961 Broken Link
http://secunia.com/advisories/38915 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 Broken Link
http://www.openwall.com/lists/oss-security/2010/01/02/1 Mailing List Patch
http://www.openwall.com/lists/oss-security/2010/01/07/1 Mailing List
http://www.openwall.com/lists/oss-security/2010/01/07/2 Mailing List
http://www.vupen.com/english/advisories/2009/3662 Permissions Required Vendor Advisory
http://www.vupen.com/english/advisories/2009/3663 Permissions Required Vendor Advisory
http://www.vupen.com/english/advisories/2010/1020 Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=552483 Issue Tracking Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 Broken Link
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adium:adium:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
History

21 Nov 2024, 01:11

Type Values Removed Values Added
References () http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 - Broken Link () http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 - Broken Link
References () http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f - Broken Link () http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f - Broken Link
References () http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 - Broken Link () http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 - Broken Link
References () http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c - Broken Link () http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c - Broken Link
References () http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html - Product () http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html - Product
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html - Mailing List () http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html - Mailing List
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html - Mailing List () http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html - Mailing List
References () http://secunia.com/advisories/37953 - Broken Link, Vendor Advisory () http://secunia.com/advisories/37953 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/37954 - Broken Link, Vendor Advisory () http://secunia.com/advisories/37954 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/37961 - Broken Link () http://secunia.com/advisories/37961 - Broken Link
References () http://secunia.com/advisories/38915 - Broken Link () http://secunia.com/advisories/38915 - Broken Link
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 - Broken Link () http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 - Broken Link
References () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 - Broken Link () http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 - Broken Link
References () http://www.openwall.com/lists/oss-security/2010/01/02/1 - Mailing List, Patch () http://www.openwall.com/lists/oss-security/2010/01/02/1 - Mailing List, Patch
References () http://www.openwall.com/lists/oss-security/2010/01/07/1 - Mailing List () http://www.openwall.com/lists/oss-security/2010/01/07/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2010/01/07/2 - Mailing List () http://www.openwall.com/lists/oss-security/2010/01/07/2 - Mailing List
References () http://www.vupen.com/english/advisories/2009/3662 - Permissions Required, Vendor Advisory () http://www.vupen.com/english/advisories/2009/3662 - Permissions Required, Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/3663 - Permissions Required, Vendor Advisory () http://www.vupen.com/english/advisories/2009/3663 - Permissions Required, Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/1020 - Permissions Required () http://www.vupen.com/english/advisories/2010/1020 - Permissions Required
References () https://bugzilla.redhat.com/show_bug.cgi?id=552483 - Issue Tracking, Patch () https://bugzilla.redhat.com/show_bug.cgi?id=552483 - Issue Tracking, Patch
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 - Broken Link

26 Jan 2024, 17:47

Type Values Removed Values Added
CPE cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*
cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
CVSS v2 : 5.0
v3 : unknown 		v2 : 5.0
v3 : 7.5
References (VUPEN) http://www.vupen.com/english/advisories/2010/1020 - (VUPEN) http://www.vupen.com/english/advisories/2010/1020 - Permissions Required
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620 - Broken Link
References (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 - (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1 - Broken Link
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=552483 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=552483 - Issue Tracking, Patch
References (SECUNIA) http://secunia.com/advisories/37961 - (SECUNIA) http://secunia.com/advisories/37961 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 - Broken Link
References (MISC) http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 - (MISC) http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html - Mailing List
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html - (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html - Mailing List
References (SECUNIA) http://secunia.com/advisories/37953 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/37953 - Broken Link, Vendor Advisory
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html - (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html - Mailing List
References (VUPEN) http://www.vupen.com/english/advisories/2009/3662 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2009/3662 - Permissions Required, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/38915 - (SECUNIA) http://secunia.com/advisories/38915 - Broken Link
References (MLIST) http://www.openwall.com/lists/oss-security/2010/01/02/1 - (MLIST) http://www.openwall.com/lists/oss-security/2010/01/02/1 - Mailing List, Patch
References (MLIST) http://www.openwall.com/lists/oss-security/2010/01/07/2 - (MLIST) http://www.openwall.com/lists/oss-security/2010/01/07/2 - Mailing List
References (CONFIRM) http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 - (CONFIRM) http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 - Broken Link
References (MISC) http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html - (MISC) http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html - Product
References (CONFIRM) http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c - (CONFIRM) http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c - Broken Link
References (MISC) http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f - (MISC) http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2009/3663 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2009/3663 - Permissions Required, Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2010/01/07/1 - (MLIST) http://www.openwall.com/lists/oss-security/2010/01/07/1 - Mailing List
References (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 - (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1 - Broken Link
References (SECUNIA) http://secunia.com/advisories/37954 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/37954 - Broken Link, Vendor Advisory
Information

Published : 2010-01-09 18:30

Updated : 2024-11-21 01:11

NVD link : CVE-2010-0013

Mitre link : CVE-2010-0013

CVE.ORG link : CVE-2010-0013

JSON object : View

Products Affected

suse

  • linux_enterprise
  • linux_enterprise_server

fedoraproject

  • fedora

adium

  • adium

pidgin

  • pidgin

opensuse

  • opensuse

redhat

  • enterprise_linux
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')