Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2008-2927

Disclosure Date: July 07, 2008 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

References

Canonical

CVE-2008-2927 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927)

BID-29956 (http://www.securityfocus.com/bid/29956)

Advisory

USN-675-2 (http://www.ubuntu.com/usn/USN-675-2)

[oss-security] 20080703 Re: Re: CVE Request (pidgin) (http://www.openwall.com/lists/oss-security/2008/07/04/1)

http://www.redhat.com/support/errata/RHSA-2008-0584.html

http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c

SECUNIA-32861 (http://secunia.com/advisories/32861)

SECTRACK-1020451 (http://www.securitytracker.com/id?1020451)

SECUNIA-30971 (http://secunia.com/advisories/30971)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695

http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c

http://www.mandriva.com/security/advisories?name=MDVSA-2008:143

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246

https://issues.rpath.com/browse/RPL-2647

http://www.mandriva.com/security/advisories?name=MDVSA-2009:127

[oss-security] 20080704 Re: Re: CVE Request (pidgin) (http://www.openwall.com/lists/oss-security/2008/07/03/6)

SECUNIA-31105 (http://secunia.com/advisories/31105)

http://www.pidgin.im/news/security?id=25

USN-675-1 (http://www.ubuntu.com/usn/USN-675-1)

SECUNIA-31642 (http://secunia.com/advisories/31642)

SECUNIA-32859 (http://secunia.com/advisories/32859)

SECUNIA-31387 (http://secunia.com/advisories/31387)

DSA-1610 (http://www.debian.org/security/2008/dsa-1610)

https://bugzilla.redhat.com/show_bug.cgi?id=453764

SECUNIA-31016 (http://secunia.com/advisories/31016)

20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (http://www.securityfocus.com/archive/1/495818/100/0/threaded)

XF-adium-msnprotocol-code-execution(44774) (https://exchange.xforce.ibmcloud.com/vulnerabilities/44774)

ADV-2008-2032 (http://www.vupen.com/english/advisories/2008/2032/references)

20080625 Pidgin 2.4.1 Vulnerability (http://www.securityfocus.com/archive/1/493682)

20080806 rPSA-2008-0246-1 gaim (http://www.securityfocus.com/archive/1/495165/100/0/threaded)

Miscellaneous

http://www.zerodayinitiative.com/advisories/ZDI-08-054

http://www.pidgin.im/news/security/?id=25

https://access.redhat.com/errata/RHSA-2008:0584

https://access.redhat.com/security/cve/CVE-2008-2927

Rapid7

Technical Analysis