Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3969

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-3969
Last Modified 19 Aug 2009 01:19:04
Published 10 Sep 2008 09:13:47
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3969

Summary

Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.

Vulnerable Systems

Application

  • Bitlbee

  • Bitlbee 0.71

  • Bitlbee 0.72

  • Bitlbee 0.73

  • Bitlbee 0.74

  • Bitlbee 0.80

  • Bitlbee 0.81

  • Bitlbee 0.82

  • Bitlbee 0.83

  • Bitlbee 0.84

  • Bitlbee 0.85

  • Bitlbee 0.90

  • Bitlbee 0.91

  • Bitlbee 0.92

  • Bitlbee 0.93

  • Bitlbee 0.99

  • Bitlbee 1.0

  • Bitlbee 1.0.1

  • Bitlbee 1.0.2

  • Bitlbee 1.0.3

  • Bitlbee 1.0.4

  • Bitlbee 1.1

  • Bitlbee 1.1.1

  • Bitlbee 1.2

  • Bitlbee 1.2.1


References

FEDORA - FEDORA-2008-7761

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=461424

XF - bitlbee-multiple-unspecified-security-bypass(45132)

BID - 31342

MLIST - [oss-security] 20080909 Re: CVE request for bitlbee

MLIST - [oss-security] 20080908 Re: CVE request for bitlbee

CONFIRM - http://www.bitlbee.org/main.php/news.r.html

CONFIRM - http://www.bitlbee.org/main.php/changelog.html

GENTOO - GLSA-200809-14

SECUNIA - 31991

SECUNIA - 31690


Last Updated: 27 May 2016 10:48:22