FreeBSD : jabberd -- domain spoofing in server dialback protocol (4d1d2f6d-ec94-11e1-8bd8-0022156e8794)
Medium Nessus Plugin ID 61639
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
XMPP Standards Foundation reports:
Some implementations of the XMPP Server Dialback protocol (RFC 3920/XEP-0220) have not been checking dialback responses to ensure that validated results are correlated with requests.
An attacking server could spoof one or more domains in communicating with a vulnerable server implementation, thereby avoiding the protections built into the Server Dialback protocol.
Solution
Update the affected package.
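The correlation the description says was missing, shown as an added example from the receiving server's side (this is not jabberd's code and not part of the advisory): a `db:verify` response is honoured only if it matches a verify request that server actually sent. The class name, the connection labels and the sample domains are assumptions; the stanzas are constructed in the shape XEP-0220 gives for a verify response.

```python
import xml.etree.ElementTree as ET

DB_NS = "jabber:server:dialback"  # dialback namespace from XEP-0220


class VerifyTracker:
    """Receiving-server bookkeeping (hypothetical class, not jabberd code)."""
    def __init__(self):
        self._pending = set()  # db:verify requests sent and not yet answered

    def request_sent(self, conn, stream_id, claimed_domain, our_domain):
        self._pending.add((conn, stream_id, claimed_domain, our_domain))

    def accept_response(self, conn, xml_text):
        """Return the validated domain, or None if the stanza must be ignored."""
        el = ET.fromstring(xml_text)
        if el.tag != "{%s}verify" % DB_NS:
            return None
        key = (conn, el.get("id"), el.get("from"), el.get("to"))
        if key not in self._pending:
            return None  # unsolicited: no request of ours matches it
        self._pending.discard(key)  # each request is answered at most once
        return el.get("from") if el.get("type") == "valid" else None


def verify_stanza(sender, receiver, stream_id, result):
    # Constructed sample stanza in the shape of an XEP-0220 verify response.
    return ("<db:verify xmlns:db='%s' from='%s' to='%s' id='%s' type='%s'/>"
            % (DB_NS, sender, receiver, stream_id, result))


def demo():
    t = VerifyTracker()
    # We asked example.org's authoritative server about inbound stream "s1".
    t.request_sent("conn-1", "s1", "example.org", "example.net")
    return [
        # "valid" for a domain we never asked about: ignored.
        t.accept_response("conn-1", verify_stanza("other.example", "example.net", "s1", "valid")),
        # Right domain, but on a connection the request did not go out on: ignored.
        t.accept_response("conn-2", verify_stanza("example.org", "example.net", "s1", "valid")),
        # Matches the outstanding request: accepted.
        t.accept_response("conn-1", verify_stanza("example.org", "example.net", "s1", "valid")),
        # Same response again after the request was consumed: ignored.
        t.accept_response("conn-1", verify_stanza("example.org", "example.net", "s1", "valid")),
    ]


print(demo())
```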