ALT-PU-2017-1350-1
Closed vulnerabilities
Published: 2020-02-06
Modified: 2024-11-21
CVE-2016-9928
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.
Severity: HIGH (7.4)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html
- http://www.openwall.com/lists/oss-security/2016/12/11/2
- http://www.openwall.com/lists/oss-security/2017/02/09/29
- http://www.securityfocus.com/bid/94862
- https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258
- https://bugzilla.redhat.com/show_bug.cgi?id=1403790
- https://gultsch.de/gajim_roster_push_and_message_interception.html
- [debian-lts-announce] 20200628 [SECURITY] [DLA 2260-1] mcabber security update
- USN-4506-1
Published: 2017-02-09
Modified: 2024-11-21
CVE-2017-5604
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4.
Severity: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
- http://openwall.com/lists/oss-security/2017/02/09/29
- 96184
- https://mcabber.com/hg/rev/2a9569fd7644
- https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/
- https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf