Main Vulnerability Database SB2016121390

SB2016121390 - Slackware Linux update for mcabber

Published: December 13, 2016 Updated: May 6, 2017

Security Bulletin ID SB2016121390

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Privilege Management (CVE-ID: CVE-2016-9928)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.

Remediation

Install update from vendor's website.

References

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458719