Four vulnerabilities in Pidgin

The VRT is announcing the discovery and patching of 4 CVE vulnerabilities in Pidgin. These vulnerabilities were discovered by the VRT VULNDEV team and reported to the Pidgin team. The VRT also created TRUFFLE rules that have been protecting Sourcefire customers for these vulnerabilities since October 1st 2013, while the Pidgin team was working on patching them. TRUFFLE rules provide a way for the VRT to release cutting edge coverage without exposing threats to the public through a plaintext rule. We are releasing these rules publicly as part of our update today, since the Pidgin team is releasing Pidgin 2.10.8 that addresses these issues. It is available for download here: http://www.pidgin.im/

Here is a summary of the vulnerabilities and the associated rules, with links to blog posts describing the vulnerabilities in detail:

• VRT-2013-1001 (CVE-2013-6487): Buffer overflow in Gadu-Gadu HTTP parsing

o   We had prior coverage for this vulnerability through an http_inspect alert GID 120, SID 8 as well as SID 2580.

•  VRT-2013-1002 (CVE-2013-6489): Buffer overflow in MXit emoticon parsing

o   We are releasing SID 28088 to handle this vulnerability.

• VRT-2013-1003 (CVE-2013-6486):  Pidgin uses clickable links to untrusted executables

o   We are releasing SIDs 28089 and 28090 to cover this vulnerability.

• VRT-2013-1004 (CVE-2013-6490): Buffer overflow in SIMPLE header parsing

o   We also had prior coverage for this vulnerability through SIP preprocessor alert, GID 140 SID 16.