CVE-2008-5657 - Vulnerability Details - OpenCVE

CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Quassel	Quassel Core

Configuration 1 [-]

OR	cpe:2.3:a:quassel:quassel_core::::::::
	cpe:2.3:a:quassel:quassel_core:0.1.0:::::::*
	cpe:2.3:a:quassel:quassel_core:0.2.0:alpha1::::::
	cpe:2.3:a:quassel:quassel_core:0.2.0:alpha2::::::
	cpe:2.3:a:quassel:quassel_core:0.2.0:alpha3::::::
	cpe:2.3:a:quassel:quassel_core:0.2.0:alpha4::::::
	cpe:2.3:a:quassel:quassel_core:0.2.0:alpha5::::::
	cpe:2.3:a:quassel:quassel_core:0.2.0:beta1::::::
	cpe:2.3:a:quassel:quassel_core:0.2.0:pre::::::
	cpe:2.3:a:quassel:quassel_core:0.2.0:rc1::::::
	cpe:2.3:a:quassel:quassel_core:0.3.0:::::::*
	cpe:2.3:a:quassel:quassel_core:0.3.0:pre::::::
	cpe:2.3:a:quassel:quassel_core:0.3.0.1:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550
http://quassel-irc.org/node/89
http://secunia.com/advisories/32470
http://secunia.com/advisories/32692
http://wouter.coekaerts.be/site/security/quassel-ctcp
http://www.securityfocus.com/archive/1/497882/30/0/threaded
http://www.securityfocus.com/archive/1/497884
http://www.securityfocus.com/bid/31973
http://www.vupen.com/english/advisories/2008/3164
https://exchange.xforce.ibmcloud.com/vulnerabilities/46195
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00354.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-17T20:00:00

Updated: 2024-08-07T11:04:43.098Z

Reserved: 2008-12-17T00:00:00

Link: CVE-2008-5657

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-12-17T20:30:00.967

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5657

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32470", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32470"}, {"name": "20081028 Re: Quassel IRC: connection hijacking", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/497884"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550"}, {"name": "quasselirc-ctcp-command-execution(46195)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46195"}, {"name": "20081028 Quassel IRC: connection hijacking", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/497882/30/0/threaded"}, {"name": "ADV-2008-3164", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3164"}, {"tags": ["x_refsource_MISC"], "url": "http://wouter.coekaerts.be/site/security/quassel-ctcp"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://quassel-irc.org/node/89"}, {"name": "FEDORA-2008-9658", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00354.html"}, {"name": "32692", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32692"}, {"name": "31973", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31973"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5657", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32470", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32470"}, {"name": "20081028 Re: Quassel IRC: connection hijacking", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497884"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550"}, {"name": "quasselirc-ctcp-command-execution(46195)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46195"}, {"name": "20081028 Quassel IRC: connection hijacking", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497882/30/0/threaded"}, {"name": "ADV-2008-3164", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3164"}, {"name": "http://wouter.coekaerts.be/site/security/quassel-ctcp", "refsource": "MISC", "url": "http://wouter.coekaerts.be/site/security/quassel-ctcp"}, {"name": "http://quassel-irc.org/node/89", "refsource": "CONFIRM", "url": "http://quassel-irc.org/node/89"}, {"name": "FEDORA-2008-9658", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00354.html"}, {"name": "32692", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32692"}, {"name": "31973", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31973"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:43.098Z"}, "title": "CVE Program Container", "references": [{"name": "32470", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32470"}, {"name": "20081028 Re: Quassel IRC: connection hijacking", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/497884"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550"}, {"name": "quasselirc-ctcp-command-execution(46195)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46195"}, {"name": "20081028 Quassel IRC: connection hijacking", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/497882/30/0/threaded"}, {"name": "ADV-2008-3164", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3164"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://wouter.coekaerts.be/site/security/quassel-ctcp"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://quassel-irc.org/node/89"}, {"name": "FEDORA-2008-9658", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00354.html"}, {"name": "32692", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32692"}, {"name": "31973", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31973"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5657", "datePublished": "2008-12-17T20:00:00", "dateReserved": "2008-12-17T00:00:00", "dateUpdated": "2024-08-07T11:04:43.098Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quassel:quassel_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "79924FF3-6DFE-44A2-BE21-DDC8C671F8B9", "versionEndIncluding": "0.3.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "417555E8-78DE-4C1E-8573-17EF781FE4AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.2.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "92BA24A0-AA72-4F4C-B275-86B36036D582", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.2.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "0CDE6576-000F-4149-BB56-A2102AE5E7F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.2.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "63819AAD-8D1C-45F0-81AB-CD5B5C34EDBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.2.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "BCC7024C-7F2C-427B-B979-437251136BB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.2.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "12DDD9FE-A251-469B-8B06-10498A141B25", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "E47C7D10-D188-47C0-9BD1-0ECE21216EB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.2.0:pre:*:*:*:*:*:*", "matchCriteriaId": "0BA6FDC2-BF11-44DE-A569-CA3A957CF2A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "95440603-CF24-4606-9E30-FBB09C9D6C21", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB132B8E-CBB7-4C40-85B3-86CDFE3F44B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.3.0:pre:*:*:*:*:*:*", "matchCriteriaId": "C6315569-0DE5-4D58-BD20-BE2D86B39B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:quassel:quassel_core:0.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F2CEE42-1C59-4698-9FFF-567894463D20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en Quassel Core anterior a 0.3.0.3, permite a atacantes remotos falsear mensajes IRC haci\u00e9ndose pasar por otro usuario, utilizando un mensaje CTCP manipulado."}], "id": "CVE-2008-5657", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-17T20:30:00.967", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://quassel-irc.org/node/89"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32470"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32692"}, {"source": "cve@mitre.org", "url": "http://wouter.coekaerts.be/site/security/quassel-ctcp"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497882/30/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497884"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31973"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3164"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46195"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00354.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://quassel-irc.org/node/89"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32692"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wouter.coekaerts.be/site/security/quassel-ctcp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497882/30/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31973"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3164"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00354.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}