FreeBSD : openfire -- multiple vulnerabilities (937adf01-b64a-11dd-a55e-00163e000016)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Andreas Kurtz reports :

The jabber server Openfire (<= version 3.6.0a) contains several
serious vulnerabilities. Depending on the particular runtime
environment these issues can potentially even be used by an attacker
to execute code on operating system level.

- Authentication bypass - This vulnerability provides an attacker full
access to all functions in the admin webinterface without providing
any user credentials. The Tomcat filter which is responsible for
authentication could be completely circumvented.

- SQL injection - It is possible to pass SQL statements to the backend
database through a SQL injection vulnerability. Depending on the
particular runtime environment and database permissions it is even
possible to write files to disk and execute code on operating system
level.

- Multiple Cross-Site Scripting - Permits arbitrary insertion of HTML-
and JavaScript code in login.jsp. An attacker could also manipulate a
parameter to specify a destination to which a user will be forwarded
to after successful authentication.

See also :

http://www.nessus.org/u?bf579d52
http://www.nessus.org/u?95350c3a
http://secunia.com/Advisories/32478/
http://www.nessus.org/u?8ec9a143

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34839 (freebsd_pkg_937adf01b64a11dda55e00163e000016.nasl)

Bugtraq ID:

CVE ID: CVE-2008-1728
CVE-2008-6508
CVE-2008-6509
CVE-2008-6510
CVE-2008-6511
CVE-2009-1595

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now