FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  321084
Date:      2013-06-17
Time:      03:23:53Z
Committer: bf

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f4af098d-d921-11da-ad4a-00123ffe8333	jabberd -- SASL Negotiation Denial of Service Vulnerability Secunia reports: A vulnerability has been reported in jabberd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of SASL negotiation. This can be exploited to cause a crash by sending a "response" stanza before an "auth" stanza. Discovery 2006-03-20 Entry 2006-05-01 jabberd lt 2.0.11 CVE-2006-1329 http://article.gmane.org/gmane.network.jabber.admin/27372 http://jabberstudio.org/projects/jabberd2/releases/view.php?id=826 http://secunia.com/advisories/19281/
4d1d2f6d-ec94-11e1-8bd8-0022156e8794	jabberd -- domain spoofing in server dialback protocol XMPP Standards Foundation reports: Some implementations of the XMPP Server Dialback protocol (RFC 3920/XEP-0220) have not been checking dialback responses to ensure that validated results are correlated with requests. An attacking server could spoof one or more domains in communicating with a vulnerable server implementation, thereby avoiding the protections built into the Server Dialback protocol. Discovery 2012-08-21 Entry 2012-08-23 jabberd lt 2.2.16_2 CVE-2012-3525 http://xmpp.org/resources/security-notices/server-dialback/
f4af098d-d921-11da-ad4a-00123ffe8333	jabberd -- SASL Negotiation Denial of Service Vulnerability Secunia reports: A vulnerability has been reported in jabberd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of SASL negotiation. This can be exploited to cause a crash by sending a "response" stanza before an "auth" stanza. Discovery 2006-03-20 Entry 2006-05-01 jabberd lt 2.0.11 CVE-2006-1329 http://article.gmane.org/gmane.network.jabber.admin/27372 http://jabberstudio.org/projects/jabberd2/releases/view.php?id=826 http://secunia.com/advisories/19281/

VuXML ID

Description

f4af098d-d921-11da-ad4a-00123ffe8333

jabberd -- SASL Negotiation Denial of Service Vulnerability

Secunia reports:

A vulnerability has been reported in jabberd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of SASL negotiation. This can be exploited to cause a crash by sending a "response" stanza before an "auth" stanza.

Discovery 2006-03-20
Entry 2006-05-01
jabberd

lt 2.0.11

CVE-2006-1329
http://article.gmane.org/gmane.network.jabber.admin/27372
http://jabberstudio.org/projects/jabberd2/releases/view.php?id=826
http://secunia.com/advisories/19281/

4d1d2f6d-ec94-11e1-8bd8-0022156e8794

jabberd -- domain spoofing in server dialback protocol

XMPP Standards Foundation reports:

Some implementations of the XMPP Server Dialback protocol (RFC 3920/XEP-0220) have not been checking dialback responses to ensure that validated results are correlated with requests.

An attacking server could spoof one or more domains in communicating with a vulnerable server implementation, thereby avoiding the protections built into the Server Dialback protocol.

Discovery 2012-08-21
Entry 2012-08-23
jabberd

lt 2.2.16_2