Vulnerability Name: CVE-2007-4396 (CCN-35985)
Assigned: 2007-08-12
Published: 2007-08-12
Updated: 2018-10-15
Summary: Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS v3 Severity:
- 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
- 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
- 8.1 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
- 2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
- Source: CCN Type: Full-Disclosure Mailing List, Sun Aug 12 2007 - 12:02:24 CDT Vulnerability in multiple "now playing" scripts for various IRC clients
- Source: MITRE Type: CNA CVE-2007-4396
- Source: MITRE Type: CNA CVE-2007-4397
- Source: MITRE Type: CNA CVE-2007-4398
- Source: MITRE Type: CNA CVE-2007-4399
- Source: MITRE Type: CNA CVE-2007-4400
- Source: MITRE Type: CNA CVE-2007-4401
- Source: MITRE Type: CNA CVE-2007-4402
- Source: MITRE Type: CNA CVE-2007-4403
- Source: CCN Type: Xchat-XMMS Web site xchat-xmms
- Source: CCN Type: irssi Web site irssi
- Source: CCN Type: Konversation Web site Konversation
- Source: FULLDISC Type: UNKNOWN 20070812 Vulnerability in multiple "now playing" scripts for various IRC clients
- Source: OSVDB Type: UNKNOWN 39568
- Source: CCN Type: SA26454 XMMS-Control for XChat id3 Tag Input Validation Error
- Source: CCN Type: SA26455 xchat-xmms for XChat id3 Tag Input Validation Error
- Source: CCN Type: SA26456 Konversation Media Script id3 Tag Input Validation Error
- Source: CCN Type: SA26457 now_playing.rb for weechat id3 Tag Input Validation Error
- Source: CCN Type: SA26483 Multiple irssi Music Announcement Scripts id3 Tag Input Validation Error
- Source: SECUNIA Type: UNKNOWN 26483
- Source: CCN Type: SA26484 xmms-thing for XChat id3 Tag Input Validation Error
- Source: CCN Type: SA26485 XMMS Remote Control Script for XChat id3 Tag Input Validation Error
- Source: CCN Type: SA26486 Disrok for XChat id3 Tag Input Validation Error
- Source: CCN Type: SA26487 a2x for XChat id3 Tag Input Validation Error
- Source: CCN Type: SA26488 Another xmms-info script for XChat id3 Tag Input Validation Error
- Source: CCN Type: SA26489 xmms.bx for BitchX id3 Tag Input Validation Error
- Source: CCN Type: SA26490 xmms.pl for weechat id3 Tag Input Validation Error
- Source: CCN Type: SA26491 Advanced mIRC Integration Plugin id3 Tag Input Validation Error
- Source: SREASON Type: UNKNOWN 3036
- Source: CCN Type: FlashTux Web site WeeChat
- Source: CCN Type: wouter.coekaerts.be Web site Vulnerability in multiple "now playing" scripts for various IRC clients
- Source: CONFIRM Type: UNKNOWN http://wouter.coekaerts.be/site/security/nowplaying
- Source: CCN Type: BitchX Web site BitchX IRC Client
- Source: CCN Type: Joe Thielen Web page XMMS-Control
- Source: CCN Type: mIRC Home page mIRC - An Internet Relay Chat program
- Source: CCN Type: OSVDB ID: 37481 xmms.bx for BitchX MP3 id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39564 now_playing.rb for weechat id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39565 xmms.pl for weechat id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39566 xmms-thing for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39567 XMMS Remote Control Script for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39568 Multiple Music Announcement Scripts for irssi id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39569 Konversation Media Script id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39570 mIRC Control Plug-in id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39571 Disrok for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39572 Another xmms-info script for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39573 a2x for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39574 xchat-xmms for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 39575 XMMS-Control for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: CCN Type: OSVDB ID: 58654 Advanced mIRC Integration Plugin id3 Tag CRLF Injection Arbitrary IRC Command Execution
- Source: BUGTRAQ Type: UNKNOWN 20070812 Vulnerability in multiple "now playing" scripts for various IRC clients
- Source: BID Type: UNKNOWN 25281
- Source: CCN Type: BID-25281 Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
- Source: CCN Type: BID-25285 Universal Ircd Server Multiple Remote Vulnerabilities
- Source: CCN Type: Xchat Web site Xchat
- Source: XF Type: UNKNOWN irc-multiple-command-execution(35985)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable