Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1000

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2011-1000
Last Modified 20 Apr 2011 10:33:16
Published 18 Feb 2011 08:00:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1000

Summary

jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.

Vulnerable Systems

Application

  • Freedesktop Telepathy Gabble 0.10

  • Freedesktop Telepathy Gabble 0.10.1

  • Freedesktop Telepathy Gabble 0.10.2

  • Freedesktop Telepathy Gabble 0.10.3

  • Freedesktop Telepathy Gabble 0.10.4

  • Freedesktop Telepathy Gabble 0.11

  • Freedesktop Telepathy Gabble 0.11.1

  • Freedesktop Telepathy Gabble 0.11.2

  • Freedesktop Telepathy Gabble 0.11.3

  • Freedesktop Telepathy Gabble 0.11.4

  • Freedesktop Telepathy Gabble 0.11.5

  • Freedesktop Telepathy Gabble 0.11.6

  • Freedesktop Telepathy Gabble 0.8

  • Freedesktop Telepathy Gabble 0.8.1

  • Freedesktop Telepathy Gabble 0.8.10

  • Freedesktop Telepathy Gabble 0.8.11

  • Freedesktop Telepathy Gabble 0.8.12

  • Freedesktop Telepathy Gabble 0.8.13

  • Freedesktop Telepathy Gabble 0.8.14

  • Freedesktop Telepathy Gabble 0.8.2

  • Freedesktop Telepathy Gabble 0.8.3

  • Freedesktop Telepathy Gabble 0.8.4

  • Freedesktop Telepathy Gabble 0.8.5

  • Freedesktop Telepathy Gabble 0.8.6

  • Freedesktop Telepathy Gabble 0.8.7

  • Freedesktop Telepathy Gabble 0.8.8

  • Freedesktop Telepathy Gabble 0.8.9


References

CONFIRM - https://bugs.freedesktop.org/show_bug.cgi?id=34048

MLIST - [oss-security] 20110217 Re: CVE id request: telepathy-gabble

MLIST - [oss-security] 20110217 CVE id request: telepathy-gabble

SUSE - openSUSE-SU-2011:0303

XF - gabble-jingle-info-security-bypass(65523)

VUPEN - ADV-2011-0901

VUPEN - ADV-2011-0572

VUPEN - ADV-2011-0537

VUPEN - ADV-2011-0428

VUPEN - ADV-2011-0412

UBUNTU - USN-1067-1

BID - 46440

DEBIAN - DSA-2169

SECUNIA - 44023

SECUNIA - 43545

SECUNIA - 43485

SECUNIA - 43404

SECUNIA - 43369

SECUNIA - 43316

FEDORA - FEDORA-2011-1284

FEDORA - FEDORA-2011-1903

FEDORA - FEDORA-2011-1668


Last Updated: 27 May 2016 10:56:07