CVE-2009-1373

Name: CVE-2009-1373
Description: Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1805-1
NVD severity: high (attack range: remote, user-initiated)
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| pidgin (PTS) | squeeze, squeeze (security) | 2.7.3-1+squeeze4 | fixed |
| pidgin | wheezy, wheezy (security) | 2.10.10-1~deb7u1 | fixed |
| pidgin | stretch, sid, jessie | 2.10.11-1 | fixed |

The information below is based on the following data on fixed versions.

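| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gaim | source | (unstable) | (unfixed) | high | | |
| gaim | source | lenny | (not affected) | | | |
| pidgin | source | (unstable) | 2.5.6-1 | high | | |
| pidgin | source | lenny | 2.4.3-4lenny2 | high | DSA-1805-1 | |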

Notes

[lenny] - gaim <not-affected> (Only a transitional package)
