CVE-2011-1000

jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html
http://secunia.com/advisories/43316	Vendor Advisory
http://secunia.com/advisories/43369	Vendor Advisory
http://secunia.com/advisories/43404	Vendor Advisory
http://secunia.com/advisories/43485
http://secunia.com/advisories/43545
http://secunia.com/advisories/44023
http://www.debian.org/security/2011/dsa-2169
http://www.openwall.com/lists/oss-security/2011/02/17/4	Patch
http://www.openwall.com/lists/oss-security/2011/02/17/7	Patch
http://www.securityfocus.com/bid/46440
http://www.ubuntu.com/usn/USN-1067-1
http://www.vupen.com/english/advisories/2011/0412	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0428	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0537
http://www.vupen.com/english/advisories/2011/0572
http://www.vupen.com/english/advisories/2011/0901
https://bugs.freedesktop.org/show_bug.cgi?id=34048	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65523
https://hermes.opensuse.org/messages/7848248
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html
http://secunia.com/advisories/43316	Vendor Advisory
http://secunia.com/advisories/43369	Vendor Advisory
http://secunia.com/advisories/43404	Vendor Advisory
http://secunia.com/advisories/43485
http://secunia.com/advisories/43545
http://secunia.com/advisories/44023
http://www.debian.org/security/2011/dsa-2169
http://www.openwall.com/lists/oss-security/2011/02/17/4	Patch
http://www.openwall.com/lists/oss-security/2011/02/17/7	Patch
http://www.securityfocus.com/bid/46440
http://www.ubuntu.com/usn/USN-1067-1
http://www.vupen.com/english/advisories/2011/0412	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0428	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0537
http://www.vupen.com/english/advisories/2011/0572
http://www.vupen.com/english/advisories/2011/0901
https://bugs.freedesktop.org/show_bug.cgi?id=34048	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65523
https://hermes.opensuse.org/messages/7848248

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:freedesktop:telepathy_gabble:0.11:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.11.1:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.11.2:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.11.3:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.11.4:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.11.5:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.11.6:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:freedesktop:telepathy_gabble:0.10:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.10.1:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.10.2:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.10.3:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.10.4:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:freedesktop:telepathy_gabble:0.8:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.1:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.2:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.3:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.4:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.5:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.6:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.7:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.8:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.9:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.10:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.11:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.12:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.13:::::::*
	cpe:2.3:a:freedesktop:telepathy_gabble:0.8.14:::::::*

History

21 Nov 2024, 01:25

Information

Published : 2011-02-19 01:00

Updated : 2024-11-21 01:25

NVD link : CVE-2011-1000

Mitre link : CVE-2011-1000

CVE.ORG link : CVE-2011-1000

JSON object : View

Products Affected

freedesktop

telepathy_gabble

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-1000", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-02-19T01:00:03.587", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43316", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43369", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43404", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43485", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43545", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/44023", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2011/dsa-2169", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/02/17/4", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/02/17/7", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/46440", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1067-1", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0412", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0428", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0537", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0572", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0901", "source": "secalert@redhat.com"}, {"url": "https://bugs.freedesktop.org/show_bug.cgi?id=34048", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65523", "source": "secalert@redhat.com"}, {"url": "https://hermes.opensuse.org/messages/7848248", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43316", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43369", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43404", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43485", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/43545", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/44023", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2011/dsa-2169", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2011/02/17/4", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2011/02/17/7", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/46440", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1067-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0412", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0428", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0537", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0572", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0901", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.freedesktop.org/show_bug.cgi?id=34048", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65523", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hermes.opensuse.org/messages/7848248", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media."}, {"lang": "es", "value": "jingle-factory.c en Telepathy Gabble v0.11 antes de v0.11.7, v0.10 antes de v0.10.5, y v0.8 antes de v0.8.15 permite a atacantes remotos rastrear llamadas de audio y v\u00eddeo a trav\u00e9s de una estrofa google:jingleinfo debidamente modificada donde se especifica un servidor alternativo para el contenido multimedia enviado por streaming."}], "lastModified": "2024-11-21T01:25:17.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7B08E26-8AC8-42B0-87D2-500EE4E6B5F9"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40AB1AF4-D061-41E4-AA15-8BC05AAD3D81"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCDF2FEF-6CF6-447B-9FE2-E4744AB719AC"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06C3DF89-B7A9-4FBD-9E26-957836A08658"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E40D638F-EF85-4F15-A937-99F27A3FDE84"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB7DED28-C74B-4EE1-AABA-C5D4B22B3942"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.11.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03ED1C24-624F-4702-A7D8-33F83266A79D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDCC01ED-13F2-4912-A081-868BD9DA2A89"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28C647D-E3C4-4BD5-A781-4169650A1F5F"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22DC153A-79F9-4CFD-A54D-AE2CA76D27B2"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26CDDAD6-08EB-4008-BECD-5D3658AC8FE9"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.10.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4AD9662-762E-484C-A940-40932F973FC8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C60B5C9-EE58-42F4-AC18-10799F030FC9"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4A60D96-D876-4436-B475-F0B0C27C5B6A"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3164EE83-2DD5-434E-9B5B-671C0533BCC3"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0718A377-6599-4DF2-A293-EC4F1E9FEC07"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4ED95BED-B0CA-41FF-B519-F63560E2E1F9"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE426DD3-173C-44CA-B7C6-8E59A73B4C8A"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17A50E11-9991-46B9-AEAB-33EE84F8C0B0"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FB1AF33-EBDC-4647-9147-33BA2CA6B72A"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAABBF31-045A-4AE5-8DB1-F3E61BEB5279"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A4385F3-AA33-499C-9214-985A1DEC82C8"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70C27E85-BB89-4311-9809-FA80BD71B999"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E47A169-0575-49A4-8CA6-972D89C7300E"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD4E314B-AB04-4CC2-B568-87936F8F5383"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC06F2FD-C6CC-4D29-8C5F-B3C71978F89F"}, {"criteria": "cpe:2.3:a:freedesktop:telepathy_gabble:0.8.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20994740-D2E4-417A-8992-76582FB79917"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

6.4 /10