Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2016-9928
Analyzed
More InfoOfficial Page
Source-security@debian.org
View Known Exploited Vulnerability (KEV) details
Published At-06 Feb, 2020 | 14:15
Updated At-01 Jan, 2022 | 19:56

MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
mcabber
mcabber
>>mcabber>>Versions from 1.0.0(inclusive) to 1.0.4(exclusive)
cpe:2.3:a:mcabber:mcabber:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.htmlsecurity@debian.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/11/2security@debian.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/09/29security@debian.org
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94862security@debian.org
Third Party Advisory
VDB Entry
https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/rawsecurity@debian.org
Patch
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258security@debian.org
Exploit
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1403790security@debian.org
Exploit
Issue Tracking
Third Party Advisory
https://gultsch.de/gajim_roster_push_and_message_interception.htmlsecurity@debian.org
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00031.htmlsecurity@debian.org
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4506-1/security@debian.org
Third Party Advisory
Change History
0Changes found
Details not found