Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for bitlbee by bitlbee
CVE-2012-1187 (GCVE-0-2012-1187)
Vulnerability from cvelistv5 – Published: 2019-10-29 13:00 – Updated: 2024-08-06 18:53
VLAI
Summary
Bitlbee does not drop extra group privileges correctly in unix.c
Severity
No CVSS data available.
CWE
- does not drop extra group privileges
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2012-1187 | x_refsource_MISC |
| https://bugs.bitlbee.org/ticket/852 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:36.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-1187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.bitlbee.org/ticket/852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitlbee",
"vendor": "Bitlbee",
"versions": [
{
"status": "affected",
"version": "3.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitlbee does not drop extra group privileges correctly in unix.c"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "does not drop extra group privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T13:00:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-1187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.bitlbee.org/ticket/852"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1187",
"datePublished": "2019-10-29T13:00:11.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:36.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5668 (GCVE-0-2017-5668)
Vulnerability from cvelistv5 – Published: 2017-03-14 14:00 – Updated: 2024-08-05 15:11
VLAI
Summary
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugs.bitlbee.org/ticket/1282 | x_refsource_CONFIRM |
| https://github.com/bitlbee/bitlbee/commit/30d598c… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95932 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2017/0… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/30/4 | mailing-listx_refsource_MLIST |
Date Public
2016-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:47.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441"
},
{
"name": "95932",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95932"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441"
},
{
"name": "95932",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95932"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.bitlbee.org/ticket/1282",
"refsource": "CONFIRM",
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"name": "https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441",
"refsource": "CONFIRM",
"url": "https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441"
},
{
"name": "95932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95932"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5668",
"datePublished": "2017-03-14T14:00:00.000Z",
"dateReserved": "2017-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:11:47.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10188 (GCVE-0-2016-10188)
Vulnerability from cvelistv5 – Published: 2017-03-14 14:00 – Updated: 2024-08-06 03:14
VLAI
Summary
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2017/dsa-3853 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/95935 | vdb-entryx_refsource_BID |
| https://bugs.bitlbee.org/ticket/1281 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/0… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/30/4 | mailing-listx_refsource_MLIST |
Date Public
2017-01-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"name": "95935",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95935"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.bitlbee.org/ticket/1281"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"name": "95935",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95935"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.bitlbee.org/ticket/1281"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3853",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"name": "95935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95935"
},
{
"name": "https://bugs.bitlbee.org/ticket/1281",
"refsource": "CONFIRM",
"url": "https://bugs.bitlbee.org/ticket/1281"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10188",
"datePublished": "2017-03-14T14:00:00.000Z",
"dateReserved": "2017-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10189 (GCVE-0-2016-10189)
Vulnerability from cvelistv5 – Published: 2017-03-14 14:00 – Updated: 2024-08-06 03:14
VLAI
Summary
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95931 | vdb-entryx_refsource_BID |
| https://bugs.bitlbee.org/ticket/1282 | x_refsource_CONFIRM |
| http://www.debian.org/security/2017/dsa-3853 | vendor-advisoryx_refsource_DEBIAN |
| https://github.com/bitlbee/bitlbee/commit/701ab81… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/0… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/30/4 | mailing-listx_refsource_MLIST |
Date Public
2016-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95931",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"name": "DSA-3853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95931",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"name": "DSA-3853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95931"
},
{
"name": "https://bugs.bitlbee.org/ticket/1282",
"refsource": "CONFIRM",
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"name": "DSA-3853",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"name": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f",
"refsource": "CONFIRM",
"url": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10189",
"datePublished": "2017-03-14T14:00:00.000Z",
"dateReserved": "2017-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3969 (GCVE-0-2008-3969)
Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 10:00
VLAI
Summary
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2008/09/08/1 | mailing-listx_refsource_MLIST |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/31342 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2008/0… | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-200809-14.xml | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=461424 | x_refsource_CONFIRM |
| http://www.bitlbee.org/main.php/changelog.html | x_refsource_CONFIRM |
| http://www.bitlbee.org/main.php/news.r.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/31991 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/31690 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080908 Re: CVE request for bitlbee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/08/1"
},
{
"name": "FEDORA-2008-7761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.html"
},
{
"name": "31342",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31342"
},
{
"name": "[oss-security] 20080909 Re: CVE request for bitlbee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/11"
},
{
"name": "bitlbee-multiple-unspecified-security-bypass(45132)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45132"
},
{
"name": "GLSA-200809-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461424"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitlbee.org/main.php/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitlbee.org/main.php/news.r.html"
},
{
"name": "31991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31690"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to \"overwrite\" and \"hijack\" existing accounts via unknown vectors related to \"inconsistent handling of the USTATUS_IDENTIFIED state.\" NOTE: this issue exists because of an incomplete fix for CVE-2008-3920."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20080908 Re: CVE request for bitlbee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/08/1"
},
{
"name": "FEDORA-2008-7761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.html"
},
{
"name": "31342",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31342"
},
{
"name": "[oss-security] 20080909 Re: CVE request for bitlbee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/11"
},
{
"name": "bitlbee-multiple-unspecified-security-bypass(45132)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45132"
},
{
"name": "GLSA-200809-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461424"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitlbee.org/main.php/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitlbee.org/main.php/news.r.html"
},
{
"name": "31991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31690"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to \"overwrite\" and \"hijack\" existing accounts via unknown vectors related to \"inconsistent handling of the USTATUS_IDENTIFIED state.\" NOTE: this issue exists because of an incomplete fix for CVE-2008-3920."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080908 Re: CVE request for bitlbee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/08/1"
},
{
"name": "FEDORA-2008-7761",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.html"
},
{
"name": "31342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31342"
},
{
"name": "[oss-security] 20080909 Re: CVE request for bitlbee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/11"
},
{
"name": "bitlbee-multiple-unspecified-security-bypass(45132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45132"
},
{
"name": "GLSA-200809-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=461424",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461424"
},
{
"name": "http://www.bitlbee.org/main.php/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.bitlbee.org/main.php/changelog.html"
},
{
"name": "http://www.bitlbee.org/main.php/news.r.html",
"refsource": "CONFIRM",
"url": "http://www.bitlbee.org/main.php/news.r.html"
},
{
"name": "31991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31690"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3969",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3920 (GCVE-0-2008-3920)
Vulnerability from cvelistv5 – Published: 2008-09-04 18:00 – Updated: 2024-08-07 10:00
VLAI
Summary
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://bitlbee.org/main.php/changelog.html | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=460355 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30858 | vdb-entryx_refsource_BID |
| http://security.gentoo.org/glsa/glsa-200809-14.xml | vendor-advisoryx_refsource_GENTOO |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/31633 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/31991 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/31690 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
Date Public
2008-08-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:41.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bitlbee.org/main.php/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460355"
},
{
"name": "30858",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30858"
},
{
"name": "GLSA-200809-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"name": "FEDORA-2008-7712",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00335.html"
},
{
"name": "31633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31633"
},
{
"name": "FEDORA-2008-7274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00045.html"
},
{
"name": "31991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31690"
},
{
"name": "bitlbee-unspecified-security-bypass(44699)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44699"
},
{
"name": "FEDORA-2008-7830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to \"recreate\" and \"hijack\" existing accounts via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bitlbee.org/main.php/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460355"
},
{
"name": "30858",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30858"
},
{
"name": "GLSA-200809-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"name": "FEDORA-2008-7712",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00335.html"
},
{
"name": "31633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31633"
},
{
"name": "FEDORA-2008-7274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00045.html"
},
{
"name": "31991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31690"
},
{
"name": "bitlbee-unspecified-security-bypass(44699)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44699"
},
{
"name": "FEDORA-2008-7830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to \"recreate\" and \"hijack\" existing accounts via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bitlbee.org/main.php/changelog.html",
"refsource": "CONFIRM",
"url": "http://bitlbee.org/main.php/changelog.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=460355",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460355"
},
{
"name": "30858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30858"
},
{
"name": "GLSA-200809-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"name": "FEDORA-2008-7712",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00335.html"
},
{
"name": "31633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31633"
},
{
"name": "FEDORA-2008-7274",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00045.html"
},
{
"name": "31991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31690"
},
{
"name": "bitlbee-unspecified-security-bypass(44699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44699"
},
{
"name": "FEDORA-2008-7830",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3920",
"datePublished": "2008-09-04T18:00:00.000Z",
"dateReserved": "2008-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:41.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1187 (GCVE-0-2012-1187)
Vulnerability from nvd – Published: 2019-10-29 13:00 – Updated: 2024-08-06 18:53
VLAI
Summary
Bitlbee does not drop extra group privileges correctly in unix.c
Severity
No CVSS data available.
CWE
- does not drop extra group privileges
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2012-1187 | x_refsource_MISC |
| https://bugs.bitlbee.org/ticket/852 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:36.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-1187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.bitlbee.org/ticket/852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bitlbee",
"vendor": "Bitlbee",
"versions": [
{
"status": "affected",
"version": "3.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bitlbee does not drop extra group privileges correctly in unix.c"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "does not drop extra group privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T13:00:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-1187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.bitlbee.org/ticket/852"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1187",
"datePublished": "2019-10-29T13:00:11.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:36.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5668 (GCVE-0-2017-5668)
Vulnerability from nvd – Published: 2017-03-14 14:00 – Updated: 2024-08-05 15:11
VLAI
Summary
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugs.bitlbee.org/ticket/1282 | x_refsource_CONFIRM |
| https://github.com/bitlbee/bitlbee/commit/30d598c… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95932 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2017/0… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/30/4 | mailing-listx_refsource_MLIST |
Date Public
2016-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:47.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441"
},
{
"name": "95932",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95932"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441"
},
{
"name": "95932",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95932"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.bitlbee.org/ticket/1282",
"refsource": "CONFIRM",
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"name": "https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441",
"refsource": "CONFIRM",
"url": "https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441"
},
{
"name": "95932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95932"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5668",
"datePublished": "2017-03-14T14:00:00.000Z",
"dateReserved": "2017-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:11:47.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10189 (GCVE-0-2016-10189)
Vulnerability from nvd – Published: 2017-03-14 14:00 – Updated: 2024-08-06 03:14
VLAI
Summary
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95931 | vdb-entryx_refsource_BID |
| https://bugs.bitlbee.org/ticket/1282 | x_refsource_CONFIRM |
| http://www.debian.org/security/2017/dsa-3853 | vendor-advisoryx_refsource_DEBIAN |
| https://github.com/bitlbee/bitlbee/commit/701ab81… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/0… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/30/4 | mailing-listx_refsource_MLIST |
Date Public
2016-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95931",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"name": "DSA-3853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95931",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"name": "DSA-3853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95931"
},
{
"name": "https://bugs.bitlbee.org/ticket/1282",
"refsource": "CONFIRM",
"url": "https://bugs.bitlbee.org/ticket/1282"
},
{
"name": "DSA-3853",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"name": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f",
"refsource": "CONFIRM",
"url": "https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10189",
"datePublished": "2017-03-14T14:00:00.000Z",
"dateReserved": "2017-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10188 (GCVE-0-2016-10188)
Vulnerability from nvd – Published: 2017-03-14 14:00 – Updated: 2024-08-06 03:14
VLAI
Summary
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2017/dsa-3853 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/95935 | vdb-entryx_refsource_BID |
| https://bugs.bitlbee.org/ticket/1281 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/0… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/30/4 | mailing-listx_refsource_MLIST |
Date Public
2017-01-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"name": "95935",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95935"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.bitlbee.org/ticket/1281"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3853",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"name": "95935",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95935"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.bitlbee.org/ticket/1281"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3853",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3853"
},
{
"name": "95935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95935"
},
{
"name": "https://bugs.bitlbee.org/ticket/1281",
"refsource": "CONFIRM",
"url": "https://bugs.bitlbee.org/ticket/1281"
},
{
"name": "[oss-security] 20170131 Re: CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/11"
},
{
"name": "[oss-security] 20170130 CVE Request - Remote DoS vulnerabilities in BitlBee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10188",
"datePublished": "2017-03-14T14:00:00.000Z",
"dateReserved": "2017-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3969 (GCVE-0-2008-3969)
Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 10:00
VLAI
Summary
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2008/09/08/1 | mailing-listx_refsource_MLIST |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/31342 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2008/0… | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-200809-14.xml | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=461424 | x_refsource_CONFIRM |
| http://www.bitlbee.org/main.php/changelog.html | x_refsource_CONFIRM |
| http://www.bitlbee.org/main.php/news.r.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/31991 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/31690 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20080908 Re: CVE request for bitlbee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/08/1"
},
{
"name": "FEDORA-2008-7761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.html"
},
{
"name": "31342",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31342"
},
{
"name": "[oss-security] 20080909 Re: CVE request for bitlbee",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/11"
},
{
"name": "bitlbee-multiple-unspecified-security-bypass(45132)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45132"
},
{
"name": "GLSA-200809-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461424"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitlbee.org/main.php/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitlbee.org/main.php/news.r.html"
},
{
"name": "31991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31690"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to \"overwrite\" and \"hijack\" existing accounts via unknown vectors related to \"inconsistent handling of the USTATUS_IDENTIFIED state.\" NOTE: this issue exists because of an incomplete fix for CVE-2008-3920."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20080908 Re: CVE request for bitlbee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/08/1"
},
{
"name": "FEDORA-2008-7761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.html"
},
{
"name": "31342",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31342"
},
{
"name": "[oss-security] 20080909 Re: CVE request for bitlbee",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/11"
},
{
"name": "bitlbee-multiple-unspecified-security-bypass(45132)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45132"
},
{
"name": "GLSA-200809-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461424"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitlbee.org/main.php/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitlbee.org/main.php/news.r.html"
},
{
"name": "31991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31690"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to \"overwrite\" and \"hijack\" existing accounts via unknown vectors related to \"inconsistent handling of the USTATUS_IDENTIFIED state.\" NOTE: this issue exists because of an incomplete fix for CVE-2008-3920."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20080908 Re: CVE request for bitlbee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/08/1"
},
{
"name": "FEDORA-2008-7761",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.html"
},
{
"name": "31342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31342"
},
{
"name": "[oss-security] 20080909 Re: CVE request for bitlbee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/11"
},
{
"name": "bitlbee-multiple-unspecified-security-bypass(45132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45132"
},
{
"name": "GLSA-200809-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=461424",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461424"
},
{
"name": "http://www.bitlbee.org/main.php/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.bitlbee.org/main.php/changelog.html"
},
{
"name": "http://www.bitlbee.org/main.php/news.r.html",
"refsource": "CONFIRM",
"url": "http://www.bitlbee.org/main.php/news.r.html"
},
{
"name": "31991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31690"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3969",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3920 (GCVE-0-2008-3920)
Vulnerability from nvd – Published: 2008-09-04 18:00 – Updated: 2024-08-07 10:00
VLAI
Summary
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://bitlbee.org/main.php/changelog.html | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=460355 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30858 | vdb-entryx_refsource_BID |
| http://security.gentoo.org/glsa/glsa-200809-14.xml | vendor-advisoryx_refsource_GENTOO |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/31633 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/31991 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/31690 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
Date Public
2008-08-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:41.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bitlbee.org/main.php/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460355"
},
{
"name": "30858",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30858"
},
{
"name": "GLSA-200809-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"name": "FEDORA-2008-7712",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00335.html"
},
{
"name": "31633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31633"
},
{
"name": "FEDORA-2008-7274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00045.html"
},
{
"name": "31991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31690"
},
{
"name": "bitlbee-unspecified-security-bypass(44699)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44699"
},
{
"name": "FEDORA-2008-7830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to \"recreate\" and \"hijack\" existing accounts via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bitlbee.org/main.php/changelog.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460355"
},
{
"name": "30858",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30858"
},
{
"name": "GLSA-200809-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"name": "FEDORA-2008-7712",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00335.html"
},
{
"name": "31633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31633"
},
{
"name": "FEDORA-2008-7274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00045.html"
},
{
"name": "31991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31690"
},
{
"name": "bitlbee-unspecified-security-bypass(44699)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44699"
},
{
"name": "FEDORA-2008-7830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to \"recreate\" and \"hijack\" existing accounts via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bitlbee.org/main.php/changelog.html",
"refsource": "CONFIRM",
"url": "http://bitlbee.org/main.php/changelog.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=460355",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460355"
},
{
"name": "30858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30858"
},
{
"name": "GLSA-200809-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-14.xml"
},
{
"name": "FEDORA-2008-7712",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00335.html"
},
{
"name": "31633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31633"
},
{
"name": "FEDORA-2008-7274",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00045.html"
},
{
"name": "31991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31991"
},
{
"name": "31690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31690"
},
{
"name": "bitlbee-unspecified-security-bypass(44699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44699"
},
{
"name": "FEDORA-2008-7830",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3920",
"datePublished": "2008-09-04T18:00:00.000Z",
"dateReserved": "2008-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:41.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}