FreeBSD Local Security Checks : FreeBSD Ports: jabberd

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.71838

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: jabberd

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: jabberd

CVE-2012-3525
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a
request was made for an XMPP Server Dialback response, which allows
remote XMPP servers to spoof domains via a (1) Verify Response or (2)
Authorization Response.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3525
50124
http://secunia.com/advisories/50124
50859
http://secunia.com/advisories/50859
55167
http://www.securityfocus.com/bid/55167
APPLE-SA-2013-03-14-1
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
RHSA-2012:1538
http://rhn.redhat.com/errata/RHSA-2012-1538.html
RHSA-2012:1539
http://rhn.redhat.com/errata/RHSA-2012-1539.html
[jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations
http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html
[oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks
http://www.openwall.com/lists/oss-security/2012/08/22/5
[oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks
http://www.openwall.com/lists/oss-security/2012/08/22/6
http://xmpp.org/resources/security-notices/server-dialback/
https://bugzilla.redhat.com/show_bug.cgi?id=850872
https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.71838
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: jabberd
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: jabberd CVE-2012-3525 s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3525 50124 http://secunia.com/advisories/50124 50859 http://secunia.com/advisories/50859 55167 http://www.securityfocus.com/bid/55167 APPLE-SA-2013-03-14-1 http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html RHSA-2012:1538 http://rhn.redhat.com/errata/RHSA-2012-1538.html RHSA-2012:1539 http://rhn.redhat.com/errata/RHSA-2012-1539.html [jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations http://www.mail-archive.com/jabberd2%40lists.xiaoka.com/msg01903.html [oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks http://www.openwall.com/lists/oss-security/2012/08/22/5 [oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks http://www.openwall.com/lists/oss-security/2012/08/22/6 http://xmpp.org/resources/security-notices/server-dialback/ https://bugzilla.redhat.com/show_bug.cgi?id=850872 https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d
Copyright	Copyright (C) 2012 E-Soft Inc.