Fedora 9 : bitlbee-1.2.2-1.fc9 (2008-7274)

High Nessus Plugin ID 34102


The remote Fedora host is missing a security update.


Upstream released Bitlbee 1.2.2 with the following changes to the former release: - Security bugfix: It was possible to hijack accounts (without gaining access to the old account, it's simply an overwrite)
- Some more stability improvements. - Fixed bug where people with non-lowercase nicks couldn't drop their account. - Easier upgrades of non-forking daemon mode servers (using the DEAF command). - Can be cross-compiled for Win32 now! (No support for SSL yet though, which makes it less useful for now.) - Exponential backoff on auto-reconnect. - Changing passwords gives less confusing feedback ('password is empty') now. Finished 26 Aug 2008

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected bitlbee package.

See Also




Plugin Details

Severity: High

ID: 34102

File Name: fedora_2008-7274.nasl

Version: $Revision: 1.13 $

Type: local

Agent: unix

Published: 2008/09/08

Modified: 2015/10/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:bitlbee, cpe:/o:fedoraproject:fedora:9

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/09/05

Reference Information

CVE: CVE-2008-3920

BID: 30858

FEDORA: 2008-7274

CWE: 264