CVE
- Id
- 33044
- CVE No.
- CVE-2008-2927
- Status
- Candidate
- Description
- Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.
- Phase
- Assigned (20080630)
- Votes
- None (candidate not yet proposed)
- Comments
Related CVE References
| Id | CVE Id | CVE No. | Reference | Actions |
|---|---|---|---|---|
| 358598 | 33044 | CVE-2008-2927 | BUGTRAQ:20080625 Pidgin 2.4.1 Vulnerability | View |
| 358599 | 33044 | CVE-2008-2927 | URL:http://www.securityfocus.com/archive/1/493682 | View |
| 358600 | 33044 | CVE-2008-2927 | BUGTRAQ:20080806 rPSA-2008-0246-1 gaim | View |
| 358601 | 33044 | CVE-2008-2927 | URL:http://www.securityfocus.com/archive/1/archive/1/495165/100/0/threaded | View |
| 358602 | 33044 | CVE-2008-2927 | BUGTRAQ:20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability | View |
| 358603 | 33044 | CVE-2008-2927 | URL:http://www.securityfocus.com/archive/1/archive/1/495818/100/0/threaded | View |
| 358604 | 33044 | CVE-2008-2927 | MLIST:[oss-security] 20080703 Re: Re: CVE Request (pidgin) | View |
| 358605 | 33044 | CVE-2008-2927 | URL:http://www.openwall.com/lists/oss-security/2008/07/04/1 | View |
| 358606 | 33044 | CVE-2008-2927 | MLIST:[oss-security] 20080704 Re: Re: CVE Request (pidgin) | View |
| 358607 | 33044 | CVE-2008-2927 | URL:http://www.openwall.com/lists/oss-security/2008/07/03/6 | View |
| 358608 | 33044 | CVE-2008-2927 | MISC:http://www.zerodayinitiative.com/advisories/ZDI-08-054 | View |
| 358609 | 33044 | CVE-2008-2927 | CONFIRM:http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c | View |
| 358610 | 33044 | CVE-2008-2927 | CONFIRM:http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c | View |
| 358611 | 33044 | CVE-2008-2927 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=453764 | View |
| 358612 | 33044 | CVE-2008-2927 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246 | View |
| 358613 | 33044 | CVE-2008-2927 | CONFIRM:https://issues.rpath.com/browse/RPL-2647 | View |
| 358614 | 33044 | CVE-2008-2927 | CONFIRM:http://www.pidgin.im/news/security/?id=25 | View |
| 358615 | 33044 | CVE-2008-2927 | DEBIAN:DSA-1610 | View |
| 358616 | 33044 | CVE-2008-2927 | URL:http://www.debian.org/security/2008/dsa-1610 | View |
| 358617 | 33044 | CVE-2008-2927 | MANDRIVA:MDVSA-2008:143 | View |
| 358618 | 33044 | CVE-2008-2927 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:143 | View |
| 358619 | 33044 | CVE-2008-2927 | MANDRIVA:MDVSA-2009:127 | View |
| 358620 | 33044 | CVE-2008-2927 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:127 | View |
| 358621 | 33044 | CVE-2008-2927 | REDHAT:RHSA-2008:0584 | View |
| 358622 | 33044 | CVE-2008-2927 | URL:http://www.redhat.com/support/errata/RHSA-2008-0584.html | View |
| 358623 | 33044 | CVE-2008-2927 | UBUNTU:USN-675-1 | View |
| 358624 | 33044 | CVE-2008-2927 | URL:http://www.ubuntu.com/usn/USN-675-1 | View |
| 358625 | 33044 | CVE-2008-2927 | UBUNTU:USN-675-2 | View |
| 358626 | 33044 | CVE-2008-2927 | URL:http://www.ubuntu.com/usn/USN-675-2 | View |
| 358627 | 33044 | CVE-2008-2927 | BID:29956 | View |
| 358628 | 33044 | CVE-2008-2927 | URL:http://www.securityfocus.com/bid/29956 | View |
| 358629 | 33044 | CVE-2008-2927 | OVAL:oval:org.mitre.oval:def:11695 | View |
| 358630 | 33044 | CVE-2008-2927 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11695 | View |
| 358631 | 33044 | CVE-2008-2927 | OVAL:oval:org.mitre.oval:def:17972 | View |
| 358632 | 33044 | CVE-2008-2927 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17972 | View |
| 358633 | 33044 | CVE-2008-2927 | SECUNIA:32859 | View |
| 358634 | 33044 | CVE-2008-2927 | URL:http://secunia.com/advisories/32859 | View |
| 358635 | 33044 | CVE-2008-2927 | SECUNIA:32861 | View |
| 358636 | 33044 | CVE-2008-2927 | URL:http://secunia.com/advisories/32861 | View |
| 358637 | 33044 | CVE-2008-2927 | VUPEN:ADV-2008-2032 | View |
| 358638 | 33044 | CVE-2008-2927 | URL:http://www.vupen.com/english/advisories/2008/2032/references | View |
| 358639 | 33044 | CVE-2008-2927 | SECTRACK:1020451 | View |
| 358640 | 33044 | CVE-2008-2927 | URL:http://www.securitytracker.com/id?1020451 | View |
| 358641 | 33044 | CVE-2008-2927 | SECUNIA:30971 | View |
| 358642 | 33044 | CVE-2008-2927 | URL:http://secunia.com/advisories/30971 | View |
| 358643 | 33044 | CVE-2008-2927 | SECUNIA:31016 | View |
| 358644 | 33044 | CVE-2008-2927 | URL:http://secunia.com/advisories/31016 | View |
| 358645 | 33044 | CVE-2008-2927 | SECUNIA:31105 | View |
| 358646 | 33044 | CVE-2008-2927 | URL:http://secunia.com/advisories/31105 | View |
| 358647 | 33044 | CVE-2008-2927 | SECUNIA:31387 | View |
| 358648 | 33044 | CVE-2008-2927 | URL:http://secunia.com/advisories/31387 | View |
| 358649 | 33044 | CVE-2008-2927 | SECUNIA:31642 | View |
| 358650 | 33044 | CVE-2008-2927 | URL:http://secunia.com/advisories/31642 | View |
| 358651 | 33044 | CVE-2008-2927 | XF:adium-msnprotocol-code-execution(44774) | View |
Related JVN
| Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 46434 | JVNDB-2008-001744 | Linux Kernel の do_change_type 関数における権限昇格の脆弱性 | Linux Kernel の fs/namespace.c における do_change_type 関数には、CAP_SYS_ADMIN ケーパビリティを持つ発信元を確認しないため、権限昇格およびサービス運用妨害状態 (DoS) の脆弱性が存在します。 | CVE-2008-2931 | 33044 | 6.9 | http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001744.html | View |
