Lucene search

PRIOn knowledge basePRION:CVE-2007-4397

HistoryAug 18, 2007 - 9:17 p.m.

Crlf injection

2007-08-1821:17:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.4%

JSON

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CPENameOperatorVersion
irssieq<= 0.8.10rc5
ixmmsaeq0.3
l33t_xmms_music_showing_scripteq2.00
mpg123eq0.01
ogg123eq0.01
xmms2eq1.1.3
xmmsinfoeq1.1.1.1

Name	Operator	Version
irssi	eq	<= 0.8.10rc5
ixmmsa	eq	0.3
l33t_xmms_music_showing_script	eq	2.00
mpg123	eq	0.01
ogg123	eq	0.01
xmms2	eq	1.1.3
xmmsinfo	eq	1.1.1.1

References

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html

osvdb.org/39574

osvdb.org/39575

secunia.com/advisories/26454

secunia.com/advisories/26455

secunia.com/advisories/26484

secunia.com/advisories/26485

secunia.com/advisories/26486

secunia.com/advisories/26487

secunia.com/advisories/26488

securityreason.com/securityalert/3036

wouter.coekaerts.be/site/security/nowplaying

www.securityfocus.com/archive/1/476283/100/0/threaded

www.securityfocus.com/bid/25281

exchange.xforce.ibmcloud.com/vulnerabilities/35985