BitlBee IM to IRC gateway multiple security vulnerabilities

[EN] securityvulns.ru
no-pyccku

BitlBee IM to IRC gateway multiple security vulnerabilities
Published: 29.09.2008
Source: BUGTRAQ
SecurityVulns ID: 9309
Type: remote
Level: 5/10
Description: DoS, privilege escalation.

Affected: BITLBEE : Bitlbee 1.2
CVE: CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.)
CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.)

Original document GENTOO, [ GLSA 200809-14 ] BitlBee: Security bypass (29.09.2008)

Discuss: Read or add your comments to this news (0 comments)

test server