CVE-2016-6271 - 7PK - Security Features vulnerability in Bzrtp Project Bzrtp 1.0.0/1.0.2/1.0.3
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | HIGH |
Availability impact | NONE |
Summary
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2017-193.NASL |
description | This update for bzrtp fixes one security issue. The following vulnerability was fixed: - CVE-2016-6271: missing HVI check on DHPart2 packet reception may have allowed man-in-the-middle attackers to conduct spoofing attacks (boo#1020844) |
last seen | 2020-06-05 |
modified | 2017-02-02 |
plugin id | 96944 |
published | 2017-02-02 |
reporter | This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/96944 |
title | openSUSE Security Update : bzrtp (openSUSE-2017-193) |
References
- http://www.securityfocus.com/bid/95928
- https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b
- https://github.com/gteissier/CVE-2016-6271