CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
94.1%
Jan Wagner uploaded a new package for pidgin which fixed the following
security problem:
CVE-2010-0013[1] and Debian Bug #563206[2]
It was discovered that Pidgin did not properly handle custom smiley
requests in the MSN protocol handler. A remote attacker could send a
specially crafted filename in a custom smiley request and obtain arbitrary
files via directory traversal.
For the lenny distribution the problem has been fixed soon in
version 2.4.3-4lenny5.
For the sid distribution the problem has been fixed in
version 2.6.5-2.
If you don't use pinning (see [1]) you have to update nagios3
manually via "apt-get -t etch-backports install nagios".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
[1] http://security-tracker.debian.org/tracker/CVE-2010-0013
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563206
Attachment:
signature.asc
Description: This is a digitally signed message part.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 5 | all | pidgin-data | < 2.4.3-4lenny5 | pidgin-data_2.4.3-4lenny5_all.deb |
Debian | 999 | mips | libpurple0 | < 2.6.5-2 | libpurple0_2.6.5-2_mips.deb |
Debian | 999 | mipsel | pidgin-dbg | < 2.6.5-2 | pidgin-dbg_2.6.5-2_mipsel.deb |
Debian | 5 | hppa | finch | < 2.4.3-4lenny5 | finch_2.4.3-4lenny5_hppa.deb |
Debian | 5 | i386 | finch | < 2.4.3-4lenny5 | finch_2.4.3-4lenny5_i386.deb |
Debian | 5 | mipsel | libpurple0 | < 2.4.3-4lenny5 | libpurple0_2.4.3-4lenny5_mipsel.deb |
Debian | 5 | all | finch-dev | < 2.4.3-4lenny5 | finch-dev_2.4.3-4lenny5_all.deb |
Debian | 999 | ia64 | libpurple0 | < 2.6.5-2 | libpurple0_2.6.5-2_ia64.deb |
Debian | 5 | armel | finch | < 2.4.3-4lenny5 | finch_2.4.3-4lenny5_armel.deb |
Debian | 5 | ia64 | pidgin | < 2.4.3-4lenny5 | pidgin_2.4.3-4lenny5_ia64.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
94.1%