Vulnerabilities > CVE-2013-1769 - Cryptographic Issues vulnerability in Simon Mcvittie Telepathy Gabble
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_TELEPATHY-GABBLE-130315.NASL description telepathy-gabble was updated to fix several remotely-triggerable NULL crashes. (CVE-2013-1769) last seen 2020-06-05 modified 2013-04-18 plugin id 66021 published 2013-04-18 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66021 title SuSE 11.2 Security Update : telepathy-gabble (SAT Patch Number 7506) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(66021); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-1769"); script_name(english:"SuSE 11.2 Security Update : telepathy-gabble (SAT Patch Number 7506)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing a security update." ); script_set_attribute( attribute:"description", value: "telepathy-gabble was updated to fix several remotely-triggerable NULL crashes. (CVE-2013-1769)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=807449" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1769.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7506."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:telepathy-gabble"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"telepathy-gabble-0.7.10-2.19.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"telepathy-gabble-0.7.10-2.19.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1873-1.NASL description Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-1431) It was discovered that telepathy-gabble incorrectly handled certain messages. A remote attacker could use this flaw to cause applications using telepathy-gabble to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-1769). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66886 published 2013-06-13 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66886 title Ubuntu 12.04 LTS / 12.10 / 13.04 : telepathy-gabble vulnerabilities (USN-1873-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-3439.NASL description Update to latest security release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-14 plugin id 65534 published 2013-03-14 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65534 title Fedora 17 : telepathy-gabble-0.16.5-1.fc17 (2013-3439) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-238.NASL description telepathy-gabble was updated to fix a remote denial of service attack using NULL ptr dereferences during hashing. (CVE-2013-1769). last seen 2020-06-05 modified 2014-06-13 plugin id 74937 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74937 title openSUSE Security Update : telepathy-gabble (openSUSE-SU-2013:0518-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-3379.NASL description Update to 0.16.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-20 plugin id 65620 published 2013-03-20 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65620 title Fedora 18 : telepathy-gabble-0.16.5-1.fc18 (2013-3379)