Test ID:	1.3.6.1.4.1.25623.1.0.702775
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2775-1)
Summary:	The remote host is missing an update for the Debian 'ejabberd' package(s) announced via the DSA-2775-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'ejabberd' package(s) announced via the DSA-2775-1 advisory. Vulnerability Insight: It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure. The software offers no runtime configuration options to disable these. This update disables the use of SSLv2 and weak ciphers. The updated package for Debian 7 (wheezy) also contains auxiliary bugfixes originally staged for the next stable point release. For the oldstable distribution (squeeze), this problem has been fixed in version 2.1.5-3+squeeze2. For the stable distribution (wheezy), this problem has been fixed in version 2.1.10-4+deb7u1. For the testing distribution (jessie), and unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your ejabberd packages. Affected Software/OS: 'ejabberd' package(s) on Debian 6, Debian 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6169 Debian Security Information: DSA-2775 (Google Search) http://www.debian.org/security/2013/dsa-2775
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.