FreeBSD : jabberd -- denial-of-service vulnerability (2e25d38b-54d1-11d9-b612-000c6e8f12ef)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Jose Antonio Calvo discovered a bug in the Jabber 1.x server.
According to Matthias Wimmer :

Without this patch, it is possible to remotely crash jabberd14, if
there is access to one of the following types of network sockets :

- Socket accepting client connections

- Socket accepting connections from other servers

- Socket connecting to another Jabber server

- Socket accepting connections from server components

- Socket connecting to server components

This is any socket on which the jabberd server parses XML!

The problem existed in the included expat XML parser code. This patch
removes the included expat code from jabberd14 and links jabberd
against an installed version of expat.

See also :

http://www.nessus.org/u?427de2d1
http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
http://www.nessus.org/u?deb4b2b5

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18889 (freebsd_pkg_2e25d38b54d111d9b612000c6e8f12ef.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1378
