CVE-2008-3969
First published: Sun Sep 07 2008(Updated: )
Description of problem: Bitlbee 1.2.3 was released, see the following changelog: Version 1.2.3: - Fixed one more flaw similar to the previous hijacking bug, caused by incon- sistent handling of the USTATUS_IDENTIFIED state. All code touching these variables was reviewed and should be correct now. Finished 7 Sep 2008 Version-Release number of selected component (if applicable): bitlbee-1.2.2-1 Actual results: bitlbee-1.2.2-1 Expected results: bitlbee-1.2.3-1 ;-)
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/1.2.3 | <1 | 1 |
| BitlBee | <1.2.3 | |
| Fedora | =8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2008/09/09/11
- http://www.bitlbee.org/main.php/changelog.html
- http://www.bitlbee.org/main.php/news.r.html
- http://www.openwall.com/lists/oss-security/2008/09/08/1
- http://www.securityfocus.com/bid/31342
- http://secunia.com/advisories/31991
- http://security.gentoo.org/glsa/glsa-200809-14.xml
- https://bugzilla.redhat.com/show_bug.cgi?id=461424
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.html
- http://secunia.com/advisories/31690
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45132
- http://admin.fedoraproject.org/updates/bitlbee-1.2.3-1.fc8
- http://admin.fedoraproject.org/updates/bitlbee-1.2.3-1.fc9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=461424#c1
- http://bugs.bitlbee.org/bitlbee/changeset/devel%2C443
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=461424#c5
- https://access.redhat.com/security/cve/CVE-2008-3969
- https://access.redhat.com/security/cve/CVE-2008-3920
Frequently Asked Questions
What is the severity of CVE-2008-3969?
CVE-2008-3969 is categorized as a moderate severity vulnerability affecting Bitlbee 1.2.3.
How do I fix CVE-2008-3969?
To fix CVE-2008-3969, upgrade to Bitlbee version 1.2.4 or later.
What versions are affected by CVE-2008-3969?
CVE-2008-3969 affects Bitlbee version 1.2.3 and earlier releases.
What type of vulnerability is CVE-2008-3969?
CVE-2008-3969 is a vulnerability that involves improper handling of user status, which could lead to information disclosure.
Is there a workaround for CVE-2008-3969?
A workaround for CVE-2008-3969 is to restrict the use of the affected version until an upgrade can be performed.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-3969
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- package-manager/redhat
- vendor/bitlbee
- canonical/bitlbee
- vendor/fedoraproject
- canonical/fedora
- version/fedora/8