CVE-2009-1373

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.5.6 libpurple versions prior to 2.5.6 libpurple-tcl versions prior to 2.5.6 libpurple-devel versions prior to 2.5.6

Description The issue involves multiple vulnerabilities in the affected software, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, a buffer overflow in the XMPP SOCKS5 bytestream server allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer.

Recommendations For Pidgin versions prior to 2.5.6, update to version 2.5.6 or later to resolve the issue. For libpurple versions prior to 2.5.6, update to version 2.5.6 or later to resolve the issue. For libpurple-tcl versions prior to 2.5.6, update to version 2.5.6 or later to resolve the issue. For libpurple-devel versions prior to 2.5.6, update to version 2.5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the XMPP SOCKS5 bytestream server until a patch is available.