
gtalkbot User Credential Disclosure Vulnerability

 

Release Date: 31/01/2007
Severity: Less Critical
SecWatch Advisory: SWID1016898
Cause: Not specified
Solution Status: Vendor Patch
Impact: Disclosure of user information
Exploit Status: None Available
Access Vector: From local system
 
Affected Software: gtalkbot 1.x
 
Original Advisory: http://www.stillhq.com/gtalkbot/000003.html
References: FrSIRT/ADV-2007-0408
CVE: CVE-2007-0627
Secunia: SA23942

 

Description:

A vulnerability has been reported in gtalkbot that can be exploited by local users to disclose sensitive information.

Certain user credentials are passed to the application as arguments on the command line. This can be exploited to gain knowledge of usernames and passwords of other services via the process list.
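
The exposure described above can be audited on a Linux host by reading each process's command line from /proc, which is where the process list gets it. The Python script below is an added example, not part of the original advisory or of gtalkbot; the option names it looks for and the sample command line are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Option names treated as secret-bearing. Assumed list for illustration;
# these are not gtalkbot's actual flag names.
SECRET_OPT = re.compile(r"^--?[\w-]*(?:pass(?:word|wd)?|secret|token)$", re.I)

# Constructed sample of /proc/<pid>/cmdline content (hypothetical flags and values).
SAMPLE = b"python\0bot.py\0--user\0bot@example.org\0--password\0hunter2\0"


def parse_cmdline(raw: bytes) -> list[str]:
    """Split a /proc/<pid>/cmdline blob; each argv entry is NUL-terminated."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def find_exposed(argv: list[str]) -> list[str]:
    """Return the secret-bearing options that carry a value in argv.

    Only option names are returned, so the audit output never repeats the secret.
    """
    hits = []
    for i, arg in enumerate(argv):
        name, sep, value = arg.partition("=")
        if not SECRET_OPT.match(name):
            continue
        if sep and value:  # form: --password=VALUE
            hits.append(name)
        elif not sep and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            hits.append(name)  # form: --password VALUE
    return hits


def scan_proc(proc: Path = Path("/proc")) -> dict[int, list[str]]:
    """Audit every process visible to the caller; returns {pid: exposed options}."""
    findings = {}
    for entry in proc.iterdir():
        if not entry.name.isdigit():
            continue
        try:
            hits = find_exposed(parse_cmdline((entry / "cmdline").read_bytes()))
        except OSError:  # process exited, or access denied
            continue
        if hits:
            findings[int(entry.name)] = hits
    return findings


if __name__ == "__main__":
    print(find_exposed(parse_cmdline(SAMPLE)))
```

Options that point to a file, such as a hypothetical `--password-file`, are not flagged, because the secret itself does not appear in the argument list.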

 

Affected:

gtalkbot versions prior to 1.1.

 

Solution:

The vulnerability has been fixed in version 1.1. Update to version 1.1 or later.

 

Credits:

Reported by vendor.

 
