111 matches found
FreeBSD : bitlbee -- account recreation security issues (24ec781b-8c11-11dd-9923-0016d325a0ed)
Secunia reports : Some security issues have been reported in BitlBee, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts. The security issues are caused due to unspecified errors, which can be exploited to overwrite existing accounts...
Gentoo Security Advisory GLSA 200809-14 (bitlbee)
The remote host is missing updates announced in advisory GLSA 200809-14. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-200809-14 : BitlBee: Security bypass
The remote host is affected by the vulnerability described in GLSA-200809-14 (BitlBee: Security bypass). Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference. Impact: A remote attacker could exploit these vulnerabilities to overwrite existing IM accounts...
Gentoo Security Advisory GLSA 200809-14 (bitlbee)
The remote host is missing updates announced in advisory GLSA 200809-14. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
BitlBee: Security bypass
Background: BitlBee is an IRC to IM gateway that supports multiple IM protocols. Description: Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference. Impact: A remote attacker could exploit these vulnerabilities to overwrite existing IM accounts. Workaround: There is ...
Fedora 9 : bitlbee-1.2.3-1.fc9 (2008-7830)
Upstream released Bitlbee 1.2.3 with the following changes to the former release: - Fixed one more flaw similar to the previous hijacking bug, caused by inconsistent handling of the USTATUS_IDENTIFIED state. All code touching these variables was reviewed and should be correct now. Finished 7 Sep...
Fedora 8 : bitlbee-1.2.3-1.fc8 (2008-7761)
Upstream released Bitlbee 1.2.3 with the following changes to the former release: - Fixed one more flaw similar to the previous hijacking bug, caused by inconsistent handling of the USTATUS_IDENTIFIED state. All code touching these variables was reviewed and should be correct now. Finished 7 Sep...
[SECURITY] Fedora 9 Update: bitlbee-1.2.3-1.fc9
Bitlbee is an IRC to other chat networks gateway. Bitlbee can be used as an IRC server which forwards everything you say to people on other chat networks like ICQ, MSN, Jabber or Yahoo!...
[SECURITY] Fedora 8 Update: bitlbee-1.2.3-1.fc8
Bitlbee is an IRC to other chat networks gateway. Bitlbee can be used as an IRC server which forwards everything you say to people on other chat networks like ICQ, MSN, Jabber or Yahoo!...
CVE-2008-3969
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920...
DEBIAN-CVE-2008-3969
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920...
CVE-2008-3969
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920...
CVE-2008-3969
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920...
Design/Logic Flaw
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920...
CVE-2008-3969
CVE-2008-3969 affects BitlBee (pre-1.2.3). Root cause tied to an incomplete fix for CVE-2008-3920, with multiple sources noting the issue as a remote login/account hijack/overwrite risk stemming from inconsistent handling of the USTATUS_IDENTIFIED state. OpenVAS/Fedora advisories document remedia...
CVE-2008-3969
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920...
CVE-2008-3969
Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920...
[SECURITY] Fedora 8 Update: bitlbee-1.2.2-1.fc8
Bitlbee is an IRC to other chat networks gateway. Bitlbee can be used as an IRC server which forwards everything you say to people on other chat networks like ICQ, MSN, Jabber or Yahoo!...
[SECURITY] Fedora 9 Update: bitlbee-1.2.2-1.fc9
Bitlbee is an IRC to other chat networks gateway. Bitlbee can be used as an IRC server which forwards everything you say to people on other chat networks like ICQ, MSN, Jabber or Yahoo!...
Fedora 8 : bitlbee-1.2.2-1.fc8 (2008-7712)
Upstream released Bitlbee 1.2.2 with the following changes to the former release: - Security bugfix: It was possible to hijack accounts without gaining access to the old account, it's simply an overwrite - Some more stability improvements. - Fixed bug where people with non-lowercase nicks couldn'...