This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Bitlbee
Product Bitlbee
Version 0.92
Type Application
First view 2008-09-04
Last view 2017-03-14
Update *
Edition *
Language *
Software Edition *
Target Software *
Target Hardware *
Other *
 
CPE Product cpe:2.3:a:bitlbee:bitlbee

Activity : Overall

Related : CVE

Score Date Alert Description
9.8 2017-03-14 CVE-2017-5668

bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.

7.5 2017-03-14 CVE-2016-10189

BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.

9.8 2017-03-14 CVE-2016-10188

Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.

5 2008-09-10 CVE-2008-3969

Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.

7.5 2008-09-04 CVE-2008-3920

Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-476 NULL Pointer Dereference
25% (1) CWE-416 Use After Free
25% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
47809 BitlBee Account Manipulation Security Bypass

OpenVAS Exploits

id Description
2009-02-17 Name : Fedora Update for bitlbee FEDORA-2008-7274
File : nvt/gb_fedora_2008_7274_bitlbee_fc9.nasl
2009-02-17 Name : Fedora Update for bitlbee FEDORA-2008-7712
File : nvt/gb_fedora_2008_7712_bitlbee_fc8.nasl
2009-02-17 Name : Fedora Update for bitlbee FEDORA-2008-7761
File : nvt/gb_fedora_2008_7761_bitlbee_fc8.nasl
2009-02-17 Name : Fedora Update for bitlbee FEDORA-2008-7830
File : nvt/gb_fedora_2008_7830_bitlbee_fc9.nasl
2008-10-03 Name : FreeBSD Ports: bitlbee
File : nvt/freebsd_bitlbee.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200809-14 (bitlbee)
File : nvt/glsa_200809_14.nasl

Nessus® Vulnerability Scanner

id Description
2017-05-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3853.nasl - Type: ACT_GATHER_INFO
2017-03-14 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-328.nasl - Type: ACT_GATHER_INFO
2017-02-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-832.nasl - Type: ACT_GATHER_INFO
2008-09-28 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_24ec781b8c1111dd99230016d325a0ed.nasl - Type: ACT_GATHER_INFO
2008-09-24 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200809-14.nasl - Type: ACT_GATHER_INFO
2008-09-12 Name: The remote Fedora host is missing a security update.
File: fedora_2008-7761.nasl - Type: ACT_GATHER_INFO
2008-09-12 Name: The remote Fedora host is missing a security update.
File: fedora_2008-7830.nasl - Type: ACT_GATHER_INFO
2008-09-10 Name: The remote Fedora host is missing a security update.
File: fedora_2008-7712.nasl - Type: ACT_GATHER_INFO
2008-09-08 Name: The remote Fedora host is missing a security update.
File: fedora_2008-7274.nasl - Type: ACT_GATHER_INFO