CVE-2010-0013

Common Vulnerabilities and Exposures

Upstream information

CVE-2010-0013 at MITRE

Description

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entries: 567799, 569616, 581201

SUSE Security Advisories:

SUSE-SR:2010:006, published Mon, 15 Mar 2010 11:11:00 +0000
openSUSE-SU-2010:0204-1, published Fri, 16 Apr 2010 16:13:04 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise 11 Moblin 2.0	`pidgin-debuginfo >= 2.6.6-0.1.2` `pidgin-debugsource >= 2.6.6-0.1.2`	SAT Patch Nr: 2058
SUSE Linux Enterprise 11 Moblin 2.0	`libpurple >= 2.6.6-0.1.2` `libpurple-lang >= 2.6.6-0.1.2` `pidgin >= 2.6.6-0.1.2`	SAT Patch Nr: 2058
SUSE Linux Enterprise 11 Moblin 2.1 DEBUGINFO	`pidgin-debuginfo >= 2.6.6-0.1.2` `pidgin-debugsource >= 2.6.6-0.1.2`	SAT Patch Nr: 2076
SUSE Linux Enterprise 11 Moblin 2.1	`libpurple >= 2.6.6-0.1.2` `libpurple-lang >= 2.6.6-0.1.2`	SAT Patch Nr: 2076
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86	`finch >= 2.6.6-0.4.1` `libpurple >= 2.6.6-0.4.1` `pidgin >= 2.6.6-0.4.1`	sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.ppc sled10-sp3.x86-64 sles10-sp3-debuginfo.ia64 sled10-sp3.x86 sles10-sp3-debuginfo.s390x sle10-sp3-sdk.ia64 sles10-sp3-debuginfo.x86-64 sle10-sp3-sdk.x86 sles10-sp3-debuginfo.x86 sle10-sp3-sdk.ppc ZYPP Patch Nr: 6861
SUSE Linux Enterprise Server 10 SP3 DEBUGINFO	`pidgin-debuginfo >= 2.6.6-0.4.1`	sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.ppc sled10-sp3.x86-64 sles10-sp3-debuginfo.ia64 sled10-sp3.x86 sles10-sp3-debuginfo.s390x sle10-sp3-sdk.ia64 sles10-sp3-debuginfo.x86-64 sle10-sp3-sdk.x86 sles10-sp3-debuginfo.x86 sle10-sp3-sdk.ppc ZYPP Patch Nr: 6861
SUSE Linux Enterprise SDK 10 SP3	`finch >= 2.6.6-0.4.1` `finch-devel >= 2.6.6-0.4.1` `libpurple >= 2.6.6-0.4.1` `libpurple-devel >= 2.6.6-0.4.1` `pidgin >= 2.6.6-0.4.1` `pidgin-devel >= 2.6.6-0.4.1`	sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.ppc sled10-sp3.x86-64 sles10-sp3-debuginfo.ia64 sled10-sp3.x86 sles10-sp3-debuginfo.s390x sle10-sp3-sdk.ia64 sles10-sp3-debuginfo.x86-64 sle10-sp3-sdk.x86 sles10-sp3-debuginfo.x86 sle10-sp3-sdk.ppc ZYPP Patch Nr: 6861
SUSE Linux Enterprise 11 GA DEBUGINFO	`pidgin-debuginfo >= 2.6.6-0.1.1` `pidgin-debugsource >= 2.6.6-0.1.1`	sled11.x86-64 sle11-sdk.x86-64 sle11-sdk.ppc sled11.x86 sle11-debuginfo.x86 sled11.x86 sle11-sdk.x86 sle11-sdk.ia64 sle11-sdk.s390x sle11-debuginfo.x86-64 sle11-debuginfo.ppc sle11-sdk.s390x sle11-debuginfo.s390x sle11-sdk.x86 sle11-debuginfo.ia64 sle11-debuginfo.s390x sle11-debuginfo.x86 sle11-debuginfo.x86-64 sled11.x86-64 sle11-sdk.ppc sle11-debuginfo.ia64 sle11-debuginfo.ppc sle11-sdk.ia64 sle11-sdk.x86-64 SAT Patch Nr: 2019
SUSE Linux Enterprise SDK 11 GA	`finch >= 2.6.6-0.1.1` `finch-devel >= 2.6.6-0.1.1` `libpurple >= 2.6.6-0.1.1` `libpurple-devel >= 2.6.6-0.1.1` `libpurple-lang >= 2.6.6-0.1.1` `pidgin >= 2.6.6-0.1.1` `pidgin-devel >= 2.6.6-0.1.1`	sled11.x86-64 sle11-sdk.x86-64 sle11-sdk.ppc sled11.x86 sle11-debuginfo.x86 sled11.x86 sle11-sdk.x86 sle11-sdk.ia64 sle11-sdk.s390x sle11-debuginfo.x86-64 sle11-debuginfo.ppc sle11-sdk.s390x sle11-debuginfo.s390x sle11-sdk.x86 sle11-debuginfo.ia64 sle11-debuginfo.s390x sle11-debuginfo.x86 sle11-debuginfo.x86-64 sled11.x86-64 sle11-sdk.ppc sle11-debuginfo.ia64 sle11-debuginfo.ppc sle11-sdk.ia64 sle11-sdk.x86-64 SAT Patch Nr: 2019
SUSE Linux Enterprise Desktop 11 GA	`finch >= 2.6.6-0.1.1` `libpurple >= 2.6.6-0.1.1` `libpurple-lang >= 2.6.6-0.1.1` `pidgin >= 2.6.6-0.1.1`	sled11.x86-64 sle11-sdk.x86-64 sle11-sdk.ppc sled11.x86 sle11-debuginfo.x86 sled11.x86 sle11-sdk.x86 sle11-sdk.ia64 sle11-sdk.s390x sle11-debuginfo.x86-64 sle11-debuginfo.ppc sle11-sdk.s390x sle11-debuginfo.s390x sle11-sdk.x86 sle11-debuginfo.ia64 sle11-debuginfo.s390x sle11-debuginfo.x86 sle11-debuginfo.x86-64 sled11.x86-64 sle11-sdk.ppc sle11-debuginfo.ia64 sle11-debuginfo.ppc sle11-sdk.ia64 sle11-sdk.x86-64 SAT Patch Nr: 2019
openSUSE 11.0	`pidgin-debuginfo >= 2.6.6-0.1` `pidgin-debugsource >= 2.6.6-0.1`
openSUSE 11.0	`finch >= 2.6.6-0.1` `finch-devel >= 2.6.6-0.1` `libpurple >= 2.6.6-0.1` `libpurple-devel >= 2.6.6-0.1` `libpurple-lang >= 2.6.6-0.1` `libpurple-meanwhile >= 2.6.6-0.1` `libpurple-mono >= 2.6.6-0.1` `pidgin >= 2.6.6-0.1` `pidgin-devel >= 2.6.6-0.1`
openSUSE 11.1	`pidgin-debuginfo >= 2.6.6-0.1.2` `pidgin-debugsource >= 2.6.6-0.1.2`
openSUSE 11.1	`finch >= 2.6.6-0.1.2` `finch-devel >= 2.6.6-0.1.2` `libpurple >= 2.6.6-0.1.2` `libpurple-devel >= 2.6.6-0.1.2` `libpurple-lang >= 2.6.6-0.1.2` `libpurple-meanwhile >= 2.6.6-0.1.2` `libpurple-mono >= 2.6.6-0.1.2` `pidgin >= 2.6.6-0.1.2` `pidgin-devel >= 2.6.6-0.1.2`
openSUSE 11.2	`finch-debuginfo >= 2.6.6-0.1.1` `libpurple-debuginfo >= 2.6.6-0.1.1` `libpurple-meanwhile-debuginfo >= 2.6.6-0.1.1` `libpurple-mono-debuginfo >= 2.6.6-0.1.1` `libpurple-tcl-debuginfo >= 2.6.6-0.1.1` `pidgin-debuginfo >= 2.6.6-0.1.1` `pidgin-debugsource >= 2.6.6-0.1.1`
openSUSE 11.2	`finch >= 2.6.6-0.1.1` `finch-devel >= 2.6.6-0.1.1` `libpurple >= 2.6.6-0.1.1` `libpurple-devel >= 2.6.6-0.1.1` `libpurple-lang >= 2.6.6-0.1.1` `libpurple-meanwhile >= 2.6.6-0.1.1` `libpurple-mono >= 2.6.6-0.1.1` `libpurple-tcl >= 2.6.6-0.1.1` `pidgin >= 2.6.6-0.1.1` `pidgin-devel >= 2.6.6-0.1.1`
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86	`pidgin-debuginfo >= 2.6.6-0.4.1`	sle10-sp2-sdk.x86 sled10-sp2.x86 sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sle10-sp2-sdk.ia64 sles10-sp2-debuginfo.ia64 sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2-debuginfo.x86 sles10-sp2-debuginfo.ppc sles10-sp2-debuginfo.s390x sles10-sp2-debuginfo.x86-64 ZYPP Patch Nr: 6856
SUSE Linux Enterprise SDK 10 SP2	`finch >= 2.6.6-0.4.1` `finch-devel >= 2.6.6-0.4.1` `libpurple >= 2.6.6-0.4.1` `libpurple-devel >= 2.6.6-0.4.1` `pidgin >= 2.6.6-0.4.1` `pidgin-devel >= 2.6.6-0.4.1`	sle10-sp2-sdk.x86 sled10-sp2.x86 sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sle10-sp2-sdk.ia64 sles10-sp2-debuginfo.ia64 sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2-debuginfo.x86 sles10-sp2-debuginfo.ppc sles10-sp2-debuginfo.s390x sles10-sp2-debuginfo.x86-64 ZYPP Patch Nr: 6856

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy