Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to overwrite and hijack existing accounts via unknown vectors related to inconsistent handling of the USTATUS_IDENTIFIED state. NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bitlbee | Bitlbee | * | 1.2.3 (excluding) |
| Bitlbee | Ubuntu | dapper | * |
| Bitlbee | Ubuntu | feisty | * |
| Bitlbee | Ubuntu | gutsy | * |
| Bitlbee | Ubuntu | hardy | * |
| Bitlbee | Ubuntu | upstream | * |
References
- http://secunia.com/advisories/31690
- http://secunia.com/advisories/31991
- http://security.gentoo.org/glsa/glsa-200809-14.xml
- http://www.bitlbee.org/main.php/changelog.html
- http://www.bitlbee.org/main.php/news.r.html
- http://www.openwall.com/lists/oss-security/2008/09/08/1
- http://www.openwall.com/lists/oss-security/2008/09/09/11
- http://www.securityfocus.com/bid/31342
- https://bugzilla.redhat.com/show_bug.cgi?id=461424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45132
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.html
- http://secunia.com/advisories/31690
- http://secunia.com/advisories/31991
- http://security.gentoo.org/glsa/glsa-200809-14.xml
- http://www.bitlbee.org/main.php/changelog.html
- http://www.bitlbee.org/main.php/news.r.html
- http://www.openwall.com/lists/oss-security/2008/09/08/1
- http://www.openwall.com/lists/oss-security/2008/09/09/11
- http://www.securityfocus.com/bid/31342
- https://bugzilla.redhat.com/show_bug.cgi?id=461424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45132
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.html