CVE-2008-3969 — MEDIUM (5.0)

Q: How severe is CVE-2008-3969?

CVE-2008-3969 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-3969?

Check the references section above for vendor advisories and patch information. Affected products include: Bitlbee Bitlbee, Fedoraproject Fedora.

Vulnerability Description

Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Bitlbee	Bitlbee	< 1.2.3
Fedoraproject	Fedora	8

References

http://secunia.com/advisories/31690Third Party Advisory
http://secunia.com/advisories/31991Third Party Advisory
http://security.gentoo.org/glsa/glsa-200809-14.xmlThird Party Advisory
http://www.bitlbee.org/main.php/changelog.htmlRelease NotesVendor Advisory
http://www.bitlbee.org/main.php/news.r.htmlRelease NotesVendor Advisory
http://www.openwall.com/lists/oss-security/2008/09/08/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2008/09/09/11Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/31342Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=461424Issue TrackingThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45132Third Party AdvisoryVDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00587.Third Party Advisory
http://secunia.com/advisories/31690Third Party Advisory
http://secunia.com/advisories/31991Third Party Advisory
http://security.gentoo.org/glsa/glsa-200809-14.xmlThird Party Advisory
http://www.bitlbee.org/main.php/changelog.htmlRelease NotesVendor Advisory

FAQ

What is CVE-2008-3969?

CVE-2008-3969 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_I...

How severe is CVE-2008-3969?

CVE-2008-3969 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3969?

Check the references section above for vendor advisories and patch information. Affected products include: Bitlbee Bitlbee, Fedoraproject Fedora.