MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.
References
| Link | Resource |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html | Mailing List Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2016/12/11/2 | Mailing List Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2017/02/09/29 | Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/94862 | Third Party Advisory VDB Entry |
| https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw | Patch Third Party Advisory |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258 | Exploit Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1403790 | Exploit Issue Tracking Third Party Advisory |
| https://gultsch.de/gajim_roster_push_and_message_interception.html | Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00031.html | Mailing List Third Party Advisory |
| https://usn.ubuntu.com/4506-1/ | Third Party Advisory |
Configurations
History
01 Jan 2022, 19:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00031.html - Mailing List, Third Party Advisory | |
| References | (UBUNTU) https://usn.ubuntu.com/4506-1/ - Third Party Advisory | |
| CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
Information
Published : 2020-02-06 14:15
Updated : 2024-02-04 20:39
NVD link : CVE-2016-9928
Mitre link : CVE-2016-9928
CVE.ORG link : CVE-2016-9928
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
mcabber
- mcabber
CWE
CWE-269
Improper Privilege Management