Fedora 8 : bitlbee-1.2.2-1.fc8 (2008-7712)

High Nessus Plugin ID 34145


The remote Fedora host is missing a security update.


Upstream released Bitlbee 1.2.2 with the following changes to the former release: - Security bugfix: It was possible to hijack accounts (without gaining access to the old account, it's simply an overwrite)
- Some more stability improvements. - Fixed bug where people with non-lowercase nicks couldn't drop their account. - Easier upgrades of non-forking daemon mode servers (using the DEAF command). - Can be cross-compiled for Win32 now! (No support for SSL yet though, which makes it less useful for now.) - Exponential backoff on auto-reconnect. - Changing passwords gives less confusing feedback ('password is empty') now. Finished 26 Aug 2008

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected bitlbee package.

See Also



Plugin Details

Severity: High

ID: 34145

File Name: fedora_2008-7712.nasl

Version: $Revision: 1.10 $

Type: local

Agent: unix

Published: 2008/09/10

Modified: 2015/10/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:bitlbee, cpe:/o:fedoraproject:fedora:8

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2008/09/05

Reference Information

CVE: CVE-2008-3920

FEDORA: 2008-7712

CWE: 264