Vulnerability Description
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freedesktop | Telepathy Gabble | 0.11 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.h
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html
- http://secunia.com/advisories/43316Vendor Advisory
- http://secunia.com/advisories/43369Vendor Advisory
- http://secunia.com/advisories/43404Vendor Advisory
- http://secunia.com/advisories/43485
- http://secunia.com/advisories/43545
- http://secunia.com/advisories/44023
- http://www.debian.org/security/2011/dsa-2169
- http://www.openwall.com/lists/oss-security/2011/02/17/4Patch
- http://www.openwall.com/lists/oss-security/2011/02/17/7Patch
- http://www.securityfocus.com/bid/46440
- http://www.ubuntu.com/usn/USN-1067-1
- http://www.vupen.com/english/advisories/2011/0412Vendor Advisory
FAQ
What is CVE-2011-1000?
CVE-2011-1000 is a vulnerability with a CVSS score of 6.4 (MEDIUM). jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that sp...
How severe is CVE-2011-1000?
CVE-2011-1000 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1000?
Check the references section above for vendor advisories and patch information. Affected products include: Freedesktop Telepathy Gabble.