Joined: 12 May 2004
|Posted: Tue Sep 23, 2008 10:26 pm Post subject: [ GLSA 200809-14 ] BitlBee: Security bypass
|Gentoo Linux Security Advisory
Title: BitlBee: Security bypass (GLSA 200809-14)
Date: September 23, 2008
Multiple vulnerabilities in Bitlbee may allow to bypass security restrictions and hijack accounts.
BitlBee is an IRC to IM gateway that support multiple IM protocols.
Vulnerable: < 1.2.3
Unaffected: >= 1.2.3
Architectures: All supported architectures
Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference.
A remote attacker could exploit these vulnerabilities to overwrite existing IM accounts.
There is no known workaround at this time.
All BitlBee users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/bitlbee-1.2.3"