CVE-2007-4397 - OpenCVE

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Irssi	Irssi
Kristof Korwisi	Ixmmsa
Mikachu	L33t Xmms Music Showing Script
Ricardo Mesquita	Mpg123 Ogg123
Simon	Xmms2
Tuomas Jormola	Xmmsinfo

Configuration 1 [-]

OR	cpe:2.3:a:irssi:irssi::::::::
	cpe:2.3:a:kristof_korwisi:ixmmsa:0.3:::::::*
	cpe:2.3:a:mikachu:l33t_xmms_music_showing_script:2.00:::::::*
	cpe:2.3:a:ricardo_mesquita:mpg123:0.01:::::::*
	cpe:2.3:a:ricardo_mesquita:ogg123:0.01:::::::*
	cpe:2.3:a:simon:xmms2:1.1.3:::::::*
	cpe:2.3:a:tuomas_jormola:xmmsinfo:1.1.1.1:::::::*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html
http://osvdb.org/39574
http://osvdb.org/39575
http://secunia.com/advisories/26454
http://secunia.com/advisories/26455
http://secunia.com/advisories/26484
http://secunia.com/advisories/26485
http://secunia.com/advisories/26486
http://secunia.com/advisories/26487
http://secunia.com/advisories/26488
http://securityreason.com/securityalert/3036
http://wouter.coekaerts.be/site/security/nowplaying
http://www.securityfocus.com/archive/1/476283/100/0/threaded
http://www.securityfocus.com/bid/25281
https://exchange.xforce.ibmcloud.com/vulnerabilities/35985

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-18T21:00:00

Updated: 2024-08-07T14:53:55.975Z

Reserved: 2007-08-18T00:00:00

Link: CVE-2007-4397

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-18T21:17:00.000

Modified: 2018-10-15T21:35:04.043

Link: CVE-2007-4397

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26485", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26485"}, {"name": "25281", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25281"}, {"name": "3036", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3036"}, {"name": "26488", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26488"}, {"name": "26484", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26484"}, {"name": "26486", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26486"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html"}, {"name": "39575", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39575"}, {"name": "26487", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26487"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded"}, {"name": "irc-multiple-command-execution(35985)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985"}, {"name": "26454", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26454"}, {"tags": ["x_refsource_MISC"], "url": "http://wouter.coekaerts.be/site/security/nowplaying"}, {"name": "26455", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26455"}, {"name": "39574", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39574"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4397", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26485", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26485"}, {"name": "25281", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25281"}, {"name": "3036", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3036"}, {"name": "26488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26488"}, {"name": "26484", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26484"}, {"name": "26486", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26486"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html"}, {"name": "39575", "refsource": "OSVDB", "url": "http://osvdb.org/39575"}, {"name": "26487", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26487"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded"}, {"name": "irc-multiple-command-execution(35985)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985"}, {"name": "26454", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26454"}, {"name": "http://wouter.coekaerts.be/site/security/nowplaying", "refsource": "MISC", "url": "http://wouter.coekaerts.be/site/security/nowplaying"}, {"name": "26455", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26455"}, {"name": "39574", "refsource": "OSVDB", "url": "http://osvdb.org/39574"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:55.975Z"}, "title": "CVE Program Container", "references": [{"name": "26485", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26485"}, {"name": "25281", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25281"}, {"name": "3036", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3036"}, {"name": "26488", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26488"}, {"name": "26484", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26484"}, {"name": "26486", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26486"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html"}, {"name": "39575", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39575"}, {"name": "26487", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26487"}, {"name": "20070812 Vulnerability in multiple \"now playing\" scripts for various IRC clients", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded"}, {"name": "irc-multiple-command-execution(35985)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985"}, {"name": "26454", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26454"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://wouter.coekaerts.be/site/security/nowplaying"}, {"name": "26455", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26455"}, {"name": "39574", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39574"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4397", "datePublished": "2007-08-18T21:00:00", "dateReserved": "2007-08-18T00:00:00", "dateUpdated": "2024-08-07T14:53:55.975Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F2EB305-021F-4372-BC4C-8908BCE8AD49", "versionEndIncluding": "0.8.10rc5", "vulnerable": true}, {"criteria": "cpe:2.3:a:kristof_korwisi:ixmmsa:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "59D9A2F7-D84E-4BC7-A0B3-B57B6B484C6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mikachu:l33t_xmms_music_showing_script:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "4CC8728E-B801-40DE-9EE1-65F5E1DFECDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ricardo_mesquita:mpg123:0.01:*:*:*:*:*:*:*", "matchCriteriaId": "003F9C42-06E0-42D1-81EE-02DB3D6A75D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ricardo_mesquita:ogg123:0.01:*:*:*:*:*:*:*", "matchCriteriaId": "E42D92F4-1AEE-42E2-B600-9EC9A1199F6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:simon:xmms2:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8AAE787-7F3A-4098-A001-F3BA2E32E9E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tuomas_jormola:xmmsinfo:1.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AE4C773-1512-45FC-905D-D72C64CD21E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, y otras secuencias de comandos no especificadas para XChat permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar comandos IRC de su elecci\u00f3n a trav\u00e9s de secuencias CRLF en el nombre de la canci\u00f3n en un archivo .mp3."}], "id": "CVE-2007-4397", "lastModified": "2018-10-15T21:35:04.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-18T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39574"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39575"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26454"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26455"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26484"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26485"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26486"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26487"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26488"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3036"}, {"source": "cve@mitre.org", "url": "http://wouter.coekaerts.be/site/security/nowplaying"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/476283/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/25281"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35985"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}