Vulnerability Name: CVE-2007-4397 (CCN-35985)
Assigned: 2007-08-12
Published: 2007-08-12
Updated: 2018-10-15
Summary: Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: CCN Type: Full-Disclosure Mailing List, Sun Aug 12 2007 - 12:02:24 CDT Vulnerability in multiple "now playing" scripts for various IRC clients
Source: MITRE Type: CNA CVE-2007-4396
Source: MITRE Type: CNA CVE-2007-4397
Source: MITRE Type: CNA CVE-2007-4398
Source: MITRE Type: CNA CVE-2007-4399
Source: MITRE Type: CNA CVE-2007-4400
Source: MITRE Type: CNA CVE-2007-4401
Source: MITRE Type: CNA CVE-2007-4402
Source: MITRE Type: CNA CVE-2007-4403
Source: CCN Type: Xchat-XMMS Web site xchat-xmms
Source: CCN Type: irssi Web site irssi
Source: CCN Type: Konversation Web site Konversation
Source: FULLDISC Type: UNKNOWN 20070812 Vulnerability in multiple "now playing" scripts for various IRC clients
Source: OSVDB Type: UNKNOWN 39574
Source: OSVDB Type: UNKNOWN 39575
Source: CCN Type: SA26454 XMMS-Control for XChat id3 Tag Input Validation Error
Source: SECUNIA Type: Vendor Advisory 26454
Source: CCN Type: SA26455 xchat-xmms for XChat id3 Tag Input Validation Error
Source: SECUNIA Type: Vendor Advisory 26455
Source: CCN Type: SA26456 Konversation Media Script id3 Tag Input Validation Error
Source: CCN Type: SA26457 now_playing.rb for weechat id3 Tag Input Validation Error
Source: CCN Type: SA26483 Multiple irssi Music Announcement Scripts id3 Tag Input Validation Error
Source: CCN Type: SA26484 xmms-thing for XChat id3 Tag Input Validation Error
Source: SECUNIA Type: Vendor Advisory 26484
Source: CCN Type: SA26485 XMMS Remote Control Script for XChat id3 Tag Input Validation Error
Source: SECUNIA Type: Vendor Advisory 26485
Source: CCN Type: SA26486 Disrok for XChat id3 Tag Input Validation Error
Source: SECUNIA Type: Vendor Advisory 26486
Source: CCN Type: SA26487 a2x for XChat id3 Tag Input Validation Error
Source: SECUNIA Type: Vendor Advisory 26487
Source: CCN Type: SA26488 Another xmms-info script for XChat id3 Tag Input Validation Error
Source: SECUNIA Type: Vendor Advisory 26488
Source: CCN Type: SA26489 xmms.bx for BitchX id3 Tag Input Validation Error
Source: CCN Type: SA26490 xmms.pl for weechat id3 Tag Input Validation Error
Source: CCN Type: SA26491 Advanced mIRC Integration Plugin id3 Tag Input Validation Error
Source: SREASON Type: UNKNOWN 3036
Source: CCN Type: FlashTux Web site WeeChat
Source: CCN Type: wouter.coekaerts.be Web site Vulnerability in multiple "now playing" scripts for various IRC clients
Source: MISC Type: UNKNOWN http://wouter.coekaerts.be/site/security/nowplaying
Source: CCN Type: BitchX Web site BitchX IRC Client
Source: CCN Type: Joe Thielen Web page XMMS-Control
Source: CCN Type: mIRC Home page mIRC - An Internet Relay Chat program
Source: CCN Type: OSVDB ID: 37481 xmms.bx for BitchX MP3 id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39564 now_playing.rb for weechat id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39565 xmms.pl for weechat id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39566 xmms-thing for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39567 XMMS Remote Control Script for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39568 Multiple Music Announcement Scripts for irssi id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39569 Konversation Media Script id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39570 mIRC Control Plug-in id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39571 Disrok for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39572 Another xmms-info script for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39573 a2x for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39574 xchat-xmms for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 39575 XMMS-Control for XChat id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: CCN Type: OSVDB ID: 58654 Advanced mIRC Integration Plugin id3 Tag CRLF Injection Arbitrary IRC Command Execution
Source: BUGTRAQ Type: UNKNOWN 20070812 Vulnerability in multiple "now playing" scripts for various IRC clients
Source: BID Type: Exploit, Patch 25281
Source: CCN Type: BID-25281 Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
Source: CCN Type: BID-25285 Universal Ircd Server Multiple Remote Vulnerabilities
Source: CCN Type: Xchat Web site Xchat
Source: XF Type: UNKNOWN irc-multiple-command-execution(35985)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable