1. CVE-Search
  2. CVE-2008-3969
ID CVE-2008-3969
Summary Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.
References
Vulnerable Configurations
  • cpe:2.3:a:bitlbee:bitlbee:0.71:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.72:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.73:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.74:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.74:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.74a:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.74a:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.80:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.80:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.81:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.81:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.81a:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.81a:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.82:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.82:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.83:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.83:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.84:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.84:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.85:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.85:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.85a:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.85a:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.90:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.90a:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.90a:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:0.99:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bitlbee:bitlbee:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:bitlbee:bitlbee:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 14-07-2020 - 20:28)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 31342
confirm
fedora FEDORA-2008-7761
gentoo GLSA-200809-14
mlist
  • [oss-security] 20080908 Re: CVE request for bitlbee
  • [oss-security] 20080909 Re: CVE request for bitlbee
secunia
  • 31690
  • 31991
xf bitlbee-multiple-unspecified-security-bypass(45132)
Last major update 14-07-2020 - 20:28
Published 11-09-2008 - 01:13
Last modified 14-07-2020 - 20:28
Back to Top