CVE-2007-4396 - Vulnerability Details - OpenCVE

Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01647.

Key SSVC decision points have not yet been added.

Vendors	Products
Irssi	Irssi

Configuration 1 [-]

cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2007-4379	Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html
http://osvdb.org/39568
http://secunia.com/advisories/26483
http://securityreason.com/securityalert/3036
http://wouter.coekaerts.be/site/security/nowplaying
http://www.securityfocus.com/archive/1/476283/100/0/threaded
http://www.securityfocus.com/bid/25281
https://exchange.xforce.ibmcloud.com/vulnerabilities/35985

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-18T21:00:00

Updated: 2024-08-07T14:53:55.724Z

Reserved: 2007-08-18T00:00:00

Link: CVE-2007-4396

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-08-18T21:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4396

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "39568", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39568"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wouter.coekaerts.be/site/security/nowplaying"}, {"name": "25281", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25281"}, {"name": "3036", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3036"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded"}, {"name": "irc-multiple-command-execution(35985)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985"}, {"name": "26483", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26483"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4396", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "39568", "refsource": "OSVDB", "url": "http://osvdb.org/39568"}, {"name": "http://wouter.coekaerts.be/site/security/nowplaying", "refsource": "CONFIRM", "url": "http://wouter.coekaerts.be/site/security/nowplaying"}, {"name": "25281", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25281"}, {"name": "3036", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3036"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded"}, {"name": "irc-multiple-command-execution(35985)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985"}, {"name": "26483", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26483"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:55.724Z"}, "title": "CVE Program Container", "references": [{"name": "39568", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39568"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wouter.coekaerts.be/site/security/nowplaying"}, {"name": "25281", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25281"}, {"name": "3036", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3036"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded"}, {"name": "irc-multiple-command-execution(35985)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985"}, {"name": "26483", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26483"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4396", "datePublished": "2007-08-18T21:00:00", "dateReserved": "2007-08-18T00:00:00", "dateUpdated": "2024-08-07T14:53:55.724Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*", "matchCriteriaId": "B45AFDA2-CB1F-48D4-89FA-F33945C0E1D7", "versionEndIncluding": "0.8.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de retorno de carro y salto de l\u00ednea (CRLF) en las secuencias de comandos (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, y (7) xmmsinfo.pl 1.1.1.1 para irssi anterior a 0.8.11 permite a atacantes remotos con la complicidad del usuario ejecutar comandos de IRC de su elecci\u00f3n mediante secuencias CRLF en el nombre de la canci\u00f3n de un fichero .mp3."}], "id": "CVE-2007-4396", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-18T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39568"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26483"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3036"}, {"source": "cve@mitre.org", "url": "http://wouter.coekaerts.be/site/security/nowplaying"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25281"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39568"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wouter.coekaerts.be/site/security/nowplaying"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25281"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}