CVE-2008-3920
First published: Wed Aug 27 2008(Updated: )
Description of problem: Bitlbee 1.2.2 was released, see the following changelog: Version 1.2.2: - Security bugfix: It was possible to hijack accounts (without gaining access to the old account, it's simply an overwrite) - Some more stability improvements. - Fixed bug where people with non-lowercase nicks couldn't drop their account. - Easier upgrades of non-forking daemon mode servers (using the DEAF command). - Can be cross-compiled for Win32 now! (No support for SSL yet though, which makes it less useful for now.) - Exponential backoff on auto-reconnect. - Changing passwords gives less confusing feedback ("password is empty") now. Finished 26 Aug 2008 Version-Release number of selected component (if applicable): bitlbee-1.2.1-1 Actual results: bitlbee-1.2.1-1 Expected results: bitlbee-1.2.2-1 ;-) Additional info: I know, there's a security fix inside, but I'm unable to identify that one.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bitlbee Bitlbee | =0.71 | |
| Bitlbee Bitlbee | =0.72 | |
| Bitlbee Bitlbee | =1.1-dev | |
| Bitlbee Bitlbee | =0.85 | |
| Bitlbee Bitlbee | =0.85-a | |
| Bitlbee Bitlbee | =0.90 | |
| Bitlbee Bitlbee | =0.84 | |
| Bitlbee Bitlbee | =1.1.1-dev | |
| Bitlbee Bitlbee | =1.0.3 | |
| Bitlbee Bitlbee | =0.80 | |
| Bitlbee Bitlbee | =0.81-a | |
| Bitlbee Bitlbee | =0.92 | |
| Bitlbee Bitlbee | =1.0.2 | |
| Bitlbee Bitlbee | <=1.2.1 | |
| Bitlbee Bitlbee | =0.93-a | |
| Bitlbee Bitlbee | =0.74-a | |
| Bitlbee Bitlbee | =0.90-a | |
| Bitlbee Bitlbee | =0.74 | |
| Bitlbee Bitlbee | =1.0.1 | |
| Bitlbee Bitlbee | =1.0 | |
| Bitlbee Bitlbee | =1.0.4 | |
| Bitlbee Bitlbee | =0.81 | |
| Bitlbee Bitlbee | =0.93 | |
| Bitlbee Bitlbee | =0.83 | |
| Bitlbee Bitlbee | =0.99 | |
| Bitlbee Bitlbee | =0.91 | |
| Bitlbee Bitlbee | =0.82 | |
| Bitlbee Bitlbee | =1.2 | |
| Bitlbee Bitlbee | =0.73 | |
| redhat/1.2.2 | <1 | 1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bitlbee.org/main.php/changelog.html
- http://www.securityfocus.com/bid/30858
- http://secunia.com/advisories/31633
- http://secunia.com/advisories/31991
- http://security.gentoo.org/glsa/glsa-200809-14.xml
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00335.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00045.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00692.html
- https://bugzilla.redhat.com/show_bug.cgi?id=460355
- http://secunia.com/advisories/31690
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44699
- http://admin.fedoraproject.org/updates/bitlbee-1.2.2-1.fc8
- http://admin.fedoraproject.org/updates/bitlbee-1.2.2-1.fc9
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-3920
- agent/software-canonical-lookup
- agent/tags
- agent/trending
- vendor/bitlbee
- canonical/bitlbee bitlbee
- version/bitlbee bitlbee/0.71
- version/bitlbee bitlbee/0.72
- version/bitlbee bitlbee/1.1-dev
- version/bitlbee bitlbee/0.85
- version/bitlbee bitlbee/0.85-a
- version/bitlbee bitlbee/0.90
- version/bitlbee bitlbee/0.84
- version/bitlbee bitlbee/1.1.1-dev
- version/bitlbee bitlbee/1.0.3
- version/bitlbee bitlbee/0.80
- version/bitlbee bitlbee/0.81-a
- version/bitlbee bitlbee/0.92
- version/bitlbee bitlbee/1.0.2
- version/bitlbee bitlbee/1.2.1
- version/bitlbee bitlbee/0.93-a
- version/bitlbee bitlbee/0.74-a
- version/bitlbee bitlbee/0.90-a
- version/bitlbee bitlbee/0.74
- version/bitlbee bitlbee/1.0.1
- version/bitlbee bitlbee/1.0
- version/bitlbee bitlbee/1.0.4
- version/bitlbee bitlbee/0.81
- version/bitlbee bitlbee/0.93
- version/bitlbee bitlbee/0.83
- version/bitlbee bitlbee/0.99
- version/bitlbee bitlbee/0.91
- version/bitlbee bitlbee/0.82
- version/bitlbee bitlbee/1.2
- version/bitlbee bitlbee/0.73
- package-manager/redhat