CVE-2016-9928
Date: (C)2020-02-06   (M)2023-12-22


MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.4
Exploit Score: 2.2
Impact Score: 5.2

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

CVSS V2 Severity:
CVSS Score: 5.8
Exploit Score: 8.6
Impact Score: 4.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Reference:
USN-4506-1
https://lists.debian.org/debian-lts-announce/2020/06/msg00031.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html
http://www.openwall.com/lists/oss-security/2016/12/11/2
http://www.openwall.com/lists/oss-security/2017/02/09/29
http://www.securityfocus.com/bid/94862
https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258
https://bugzilla.redhat.com/show_bug.cgi?id=1403790
https://gultsch.de/gajim_roster_push_and_message_interception.html

CPE    2
cpe:/o:debian:debian_linux:8.0
cpe:/a:mcabber:mcabber
CWE    1
CWE-269
OVAL    3
oval:org.secpod.oval:def:67113
oval:org.secpod.oval:def:1900500
oval:org.secpod.oval:def:705625

© SecPod Technologies