CVE-2013-4550

2013-12-2400:00:00

ubuntu.com

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to
an unexpected file descriptor that was previously associated with stderr
before stderr has been closed, which allows remote attackers to write to
other sockets and have an unspecified impact via a failed SSL handshake, a
different vulnerability than CVE-2011-5268. NOTE: some sources originally
mapped this CVE to two different types of issues; this CVE has since been
SPLIT, producing CVE-2011-5268.

Bugs

<https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888>

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchbip< 0.8.8-1ubuntu0.3UNKNOWN
ubuntu12.10noarchbip< 0.8.8-2ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchbip< 0.8.8-2ubuntu0.13.04.1UNKNOWN
ubuntu13.10noarchbip< 0.8.8-2ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	bip	< 0.8.8-1ubuntu0.3	UNKNOWN
ubuntu	12.10	noarch	bip	< 0.8.8-2ubuntu0.12.10.1	UNKNOWN
ubuntu	13.04	noarch	bip	< 0.8.8-2ubuntu0.13.04.1	UNKNOWN
ubuntu	13.10	noarch	bip	< 0.8.8-2ubuntu1.1	UNKNOWN