[email protected]CVE-2007-4397

HistoryAug 18, 2007 - 9:17 p.m.

CVE-2007-4397

2007-08-1821:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-4397

crlf injection

xmms

xchat

remote code execution

nvd

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CPENameOperatorVersion
tuomas_jormola:xmmsinfotuomas jormola xmmsinfoeq1.1.1.1
ricardo_mesquita:ogg123ricardo mesquita ogg123eq0.01
mikachu:l33t_xmms_music_showing_scriptmikachu l33t xmms music showing scripteq2.00
simon:xmms2simon xmms2eq1.1.3
kristof_korwisi:ixmmsakristof korwisi ixmmsaeq0.3
irssi:irssiirssile0.8.10rc5
ricardo_mesquita:mpg123ricardo mesquita mpg123eq0.01

CPE	Name	Operator	Version
tuomas_jormola:xmmsinfo	tuomas jormola xmmsinfo	eq	1.1.1.1
ricardo_mesquita:ogg123	ricardo mesquita ogg123	eq	0.01
mikachu:l33t_xmms_music_showing_script	mikachu l33t xmms music showing script	eq	2.00
simon:xmms2	simon xmms2	eq	1.1.3
kristof_korwisi:ixmmsa	kristof korwisi ixmmsa	eq	0.3
irssi:irssi	irssi	le	0.8.10rc5
ricardo_mesquita:mpg123	ricardo mesquita mpg123	eq	0.01

References

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html

osvdb.org/39574

osvdb.org/39575

secunia.com/advisories/26454

secunia.com/advisories/26455

secunia.com/advisories/26484

secunia.com/advisories/26485

secunia.com/advisories/26486

secunia.com/advisories/26487

secunia.com/advisories/26488

securityreason.com/securityalert/3036

wouter.coekaerts.be/site/security/nowplaying

www.securityfocus.com/archive/1/476283/100/0/threaded

www.securityfocus.com/bid/25281

exchange.xforce.ibmcloud.com/vulnerabilities/35985

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

Related for CVE-2007-4397

prion1