Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2007-4397
Last Modified 15 Nov 2008 01:56:51
Published 18 Aug 2007 05:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4397

Summary

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Vulnerable Systems

Application

  • Irssi 0.8.10rc5

  • Kristof Korwisi Ixmmsa 0.3

  • Mikachu L33t Xmms Music Showing Script 2.00

  • Ricardo Mesquita Mpg123 0.01

  • Ricardo Mesquita Ogg123 0.01

  • Simon Xmms2 1.1.3

  • Tuomas Jormola Xmmsinfo 1.1.1.1


References

BID - 25281

XF - irc-multiple-command-execution(35985)

BUGTRAQ - 20070812 Vulnerability in multiple "now playing" scripts for various IRC clients

MISC - http://wouter.coekaerts.be/site/security/nowplaying

SECUNIA - 26488

SECUNIA - 26487

SECUNIA - 26486

SECUNIA - 26485

SECUNIA - 26484

SECUNIA - 26455

SECUNIA - 26454

OSVDB - 39575

OSVDB - 39574

SREASON - 3036


Last Updated: 27 May 2016 10:45:50