Posted: Mon Mar 19, 2018 2:26 am Post subject: [ GLSA 201803-07 ] JabberD 2.x
Gentoo Linux Security Advisory
Title: JabberD 2.x: Multiple vulnerabilities (GLSA 201803-07)
Exploitable: local, remote
Bug(s): #623806, #629412, #631068
Multiple vulnerabilities have been found in Gentoo's JabberD 2.x
ebuild, the worst of which allows local attackers to escalate privileges.
JabberD 2.x is an open source Jabber server written in C.
Vulnerable: <= 2.6.1
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in Gentoo’s JabberD 2.x
ebuild. Please review the referenced CVE identifiers for details.
An attacker could possibly escalate privileges by owning system binaries
in trusted locations, cause a Denial of Service condition by manipulating
the PID file from jabberd2 services, bypass security via SASL ANONYMOUS
connections or have other unspecified impacts.
There is no known workaround at this time.
Gentoo has discontinued support for JabberD 2.x and recommends that
users unmerge the package:
  # emerge --unmerge "net-im/jabberd2"
As an alternative, users may want to upgrade their systems to use
net-im/prosody instead of net-im/jabberd2.