Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5657

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5657
Last Modified 13 Aug 2009 01:28:28
Published 17 Dec 2008 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5657

Summary

CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message.

Vulnerable Systems

Application

  • Quassel Core 0.1.0

  • Quassel Core 0.2.0

  • Quassel Core 0.3.0

  • Quassel Core 0.3.0.1

  • Quassel Core 0.3.0.2


References

CONFIRM - http://quassel-irc.org/node/89

FEDORA - FEDORA-2008-9658

XF - quasselirc-ctcp-command-execution(46195)

VUPEN - ADV-2008-3164

BID - 31973

BUGTRAQ - 20081028 Re: Quassel IRC: connection hijacking

BUGTRAQ - 20081028 Quassel IRC: connection hijacking

MISC - http://wouter.coekaerts.be/site/security/quassel-ctcp

SECUNIA - 32692

SECUNIA - 32470

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550


Last Updated: 27 May 2016 10:48:52