FreeBSD : telepathy-gabble -- TLS verification bypass (a3c2dee5-cdb9-11e2-b9ce-080027019be0)

Medium Nessus Plugin ID 66815


The remote FreeBSD host is missing a security-related update.


Simon McVittie reports:

This release fixes a man-in-the-middle attack.

If you use an unencrypted connection to a 'legacy Jabber' (pre-XMPP) server, this version of Gabble will not connect until you make one of these configuration changes:

- upgrade the server software to something that supports XMPP 1.0; or
- use an encrypted 'old SSL' connection, typically on port 5223 (old-ssl); or
- turn off 'Encryption required (TLS/SSL)' (require-encryption).


Update the affected package.

Plugin Details

Severity: Medium

ID: 66815

File Name: freebsd_pkg_a3c2dee5cdb911e2b9ce080027019be0.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2013/06/06

Modified: 2013/10/02

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:telepathy-gabble, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/06/05

Vulnerability Publication Date: 2013/05/27

Reference Information

CVE: CVE-2013-1431