Vulnerabilities > CVE-2008-3969 - Permissions, Privileges, and Access Controls vulnerability in Bitlbee

047910
CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
low complexity
bitlbee
fedoraproject
nessus

Summary

Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200809-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200809-14 (BitlBee: Security bypass). Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference. Impact: A remote attacker could exploit these vulnerabilities to overwrite existing IM accounts. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34272
    published: 2008-09-24
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34272
    title: GLSA-200809-14 : BitlBee: Security bypass
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200809-14.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration block: when `description` is set, the script only declares
    # its metadata (ids, references, report text, scheduling requirements) and
    # exits at the end of the block without looking at any package data.
    if (description)
    {
      script_id(34272);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      # Both CVE ids are attached to this one check; the single package-version
      # test further down cannot tell which of the two applies to a host.
      script_cve_id("CVE-2008-3920", "CVE-2008-3969");
      script_xref(name:"GLSA", value:"200809-14");
    
      script_name(english:"GLSA-200809-14 : BitlBee: Security bypass");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # Report text; per the header comment it was extracted from the Gentoo
      # advisory (GLSA 200809-14). It names no workaround, so the solution
      # attribute below (upgrade) is the only remediation offered.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200809-14
    (BitlBee: Security bypass)
    
        Multiple unspecified vulnerabilities were reported, including a NULL
        pointer dereference.
      
    Impact :
    
        A remote attacker could exploit these vulnerabilities to overwrite
        existing IM accounts.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200809-14"
      );
      # Remediation: move net-im/bitlbee to 1.2.3 or later, the same boundary
      # the package check uses.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All BitlBee users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-im/bitlbee-1.2.3'"
      );
      # CVSS v2 base vector: network attack vector, low complexity, no
      # authentication, partial impact on confidentiality, integrity and
      # availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CWE-264 (permissions, privileges and access controls) and
      # CWE-399 (resource management errors).
      script_cwe_id(264, 399);
    
      # "local": the verdict is derived from package data collected on the host
      # (see the required KB keys below), not from probing the BitlBee service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bitlbee");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl is presumably what fills the Host/* KB
      # keys required next - confirm. Without working local (credentialed)
      # checks those keys are absent and this plugin produces no finding, which
      # must not be read as "host is patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions, evaluated in order: local checks enabled, host identified
    # as Gentoo, installed-package list present. A missing or empty KB item
    # hands control to audit() with the matching reason code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Version comparison only: net-im/bitlbee below 1.2.3 is treated as
    # vulnerable, 1.2.3 and later as unaffected. Nothing here contacts a
    # running BitlBee instance.
    # NOTE(review): a BitlBee built outside the package manager would
    # presumably be missing from the package list and so never flagged - confirm.
    hits = 0;
    if (
      qpkg_check(
        package:"net-im/bitlbee",
        unaffected:make_list("ge 1.2.3"),
        vulnerable:make_list("lt 1.2.3")
      )
    ) hits++;
    
    if (!hits)
    {
      # Nothing vulnerable matched: distinguish "package was tested and is
      # fine" from "package was never seen in the list".
      checked = qpkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "BitlBee");
    }
    else
    {
      # Host-level finding (port 0); the package detail is attached only when
      # the scan's report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-7761.NASL
    description: Upstream released Bitlbee 1.2.3 with the following changes to the former release: - Fixed one more flaw similar to the previous hijacking bug, caused by inconsistent handling of the USTATUS_IDENTIFIED state. All code touching these variables was reviewed and should be correct now. Finished 7 Sep 2008. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34174
    published: 2008-09-12
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34174
    title: Fedora 8 : bitlbee-1.2.3-1.fc8 (2008-7761)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-7761.
    #
    
    include("compat.inc");
    
    # Registration block: when `description` is set, the script only declares
    # its metadata (ids, references, report text, scheduling requirements) and
    # exits at the end of the block without looking at any package data.
    if (description)
    {
      script_id(34174);
      script_version ("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_cve_id("CVE-2008-3969");
      script_xref(name:"FEDORA", value:"2008-7761");
    
      script_name(english:"Fedora 8 : bitlbee-1.2.3-1.fc8 (2008-7761)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Report text; the string itself states it was extracted from the Fedora
      # advisory. It attributes the flaw to inconsistent handling of the
      # USTATUS_IDENTIFIED state and gives no further technical detail.
      script_set_attribute(
        attribute:"description", 
        value:
    "Upstream released Bitlbee 1.2.3 with the following changes to the
    former release: - Fixed one more flaw similar to the previous
    hijacking bug, caused by inconsistent handling of the
    USTATUS_IDENTIFIED state. All code touching these variables was
    reviewed and should be correct now. Finished 7 Sep 2008
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=461424"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014118.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?13315e0c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected bitlbee package."
      );
      # CVSS v2 base vector: network attack vector, low complexity, no
      # authentication, partial impact on confidentiality, integrity and
      # availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CWE-264 (permissions, privileges and access controls) and
      # CWE-399 (resource management errors).
      script_cwe_id(264, 399);
    
      # "local": the verdict is derived from the host's RPM data (see the
      # required KB keys below), not from probing the BitlBee service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bitlbee");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # NOTE(review): ssh_get_info.nasl is presumably what fills the Host/* KB
      # keys required next - confirm. Without working local (credentialed)
      # checks those keys are absent and this plugin produces no finding, which
      # must not be read as "host is patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local (credentialed) checks must be enabled before any package data is
    # trusted.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # OS gate: the release string must mention Fedora and carry a major
    # version that is exactly 8; anything else is audited out.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");
    
    release_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(release_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    
    os_ver = release_match[1];
    if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: only x86_64 and i386-i686 are handled; other
    # architectures are reported as "not implemented", not as unaffected.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Package-version comparison against the fixed build bitlbee-1.2.3-1.fc8;
    # nothing here contacts a running BitlBee instance.
    # NOTE(review): a BitlBee installed outside RPM would presumably be missing
    # from the rpm list and so never flagged - confirm.
    hits = 0;
    if (rpm_check(release:"FC8", reference:"bitlbee-1.2.3-1.fc8"))
      hits++;
    
    if (!hits)
    {
      # Nothing outdated matched: distinguish "package was tested and is fine"
      # from "package was never seen in the list".
      checked = pkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bitlbee");
    }
    else
    {
      # Host-level finding (port 0); the RPM detail is attached only when the
      # scan's report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_24EC781B8C1111DD99230016D325A0ED.NASL
    description: Secunia reports: Some security issues have been reported in BitlBee, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts. The security issues are caused due to unspecified errors, which can be exploited to overwrite existing accounts.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34301
    published: 2008-09-28
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34301
    title: FreeBSD : bitlbee -- account recreation security issues (24ec781b-8c11-11dd-9923-0016d325a0ed)