Vulnerability Details : CVE-2011-1000
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
Vulnerability category: Input validation
Products affected by CVE-2011-1000
- cpe:2.3:a:freedesktop:telepathy_gabble:0.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.11.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:telepathy_gabble:0.8.12:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1000
- 2.39%: Probability of exploitation activity in the next 30 days
- ~ 90 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1000
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
CWE ids for CVE-2011-1000
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1000
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html
  [SECURITY] Fedora 13 Update: telepathy-glib-0.11.16-2.fc13
- http://www.openwall.com/lists/oss-security/2011/02/17/7
  oss-security - Re: CVE id request: telepathy-gabble (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65523
  Telepathy Gabble google:jingleinfo security bypass CVE-2011-1000 Vulnerability Report
- http://www.vupen.com/english/advisories/2011/0901
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html
  [SECURITY] Fedora 14 Update: telepathy-gabble-0.10.5-1.fc14
- http://www.securityfocus.com/bid/46440
  Telepathy-Gabble 'jingle-factory.c' Origin Validation Security Bypass Vulnerability
- https://bugs.freedesktop.org/show_bug.cgi?id=34048
  34048 – Interprets google:jingleinfo (and other, less important) stanzas from senders other than the server. (Patch)
- http://www.vupen.com/english/advisories/2011/0572
- http://www.vupen.com/english/advisories/2011/0428
  (Vendor Advisory)
- https://hermes.opensuse.org/messages/7848248
- http://www.debian.org/security/2011/dsa-2169
  Debian -- Security Information -- DSA-2169-1 telepathy-gabble
- http://www.vupen.com/english/advisories/2011/0412
  (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2011/02/17/4
  oss-security - CVE id request: telepathy-gabble (Patch)
- http://www.ubuntu.com/usn/USN-1067-1
  USN-1067-1: Telepathy Gabble vulnerability | Ubuntu security notices
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html
  [SECURITY] Fedora 15 Update: telepathy-glib-0.13.13-1.fc15
- http://www.vupen.com/english/advisories/2011/0537