FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
4d1d2f6d-ec94-11e1-8bd8-0022156e8794  jabberd -- domain spoofing in server dialback protocol

XMPP Standards Foundation reports:

Some implementations of the XMPP Server Dialback protocol (RFC 3920/XEP-0220) have not been checking dialback responses to ensure that validated results are correlated with requests.

An attacking server could spoof one or more domains in communicating with a vulnerable server implementation, thereby avoiding the protections built into the Server Dialback protocol.

Discovery 2012-08-21
Entry 2012-08-23
< 2.2.16_2

76d80b33-7211-11e7-998a-08606e47f965  jabberd -- authentication bypass vulnerability

SecurityFocus reports:

JabberD is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.

Discovery 2017-07-03
Entry 2017-07-26
< 2.6.1

553224e7-4325-11d9-a3d5-000c6e8f12ef  jabberd -- remote buffer overflow vulnerability

Caused by improper bounds-checking of username and password in the C2S module, it is possible for an attacker to cause a remote buffer overflow. The server directly handles the user input with SQL backend functions - malicious input may lead to buffer overflow.

Discovery 2004-11-24
Entry 2004-11-30
>= 2.* <= 2.0.4

55041d37-ff62-11d9-a9a5-000ae4641456  jabberd -- 3 buffer overflows

There are 3 buffer overflows in jid.c that are triggered during parsing of JID strings when components (user, host or resource) are too long.

  1. jid.c, line 103: overflow in `str' buffer through strcpy() when "user" part is too long.
  2. jid.c, line 115: overflow in `str' buffer through strcpy() when "host" part is too long.
  3. jid.c, line 127: overflow in `str' buffer through strcpy() when "resource" part is too long.

These overflows can be used to perform a DoS attack on the server (sm process segfaults) and can possibly be used for arbitrary code execution.

Discovery 2005-07-25
Entry 2005-07-30
< 2.0.9

f4af098d-d921-11da-ad4a-00123ffe8333  jabberd -- SASL Negotiation Denial of Service Vulnerability

Secunia reports:

A vulnerability has been reported in jabberd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of SASL negotiation. This can be exploited to cause a crash by sending a "response" stanza before an "auth" stanza.

Discovery 2006-03-20
Entry 2006-05-01
< 2.0.11
