Release date:
Updated on: 2012-09-05
Affected Systems:
Jabberd 2.2.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55167
CVE id: CVE-2012-3525
Jabberd14 is the original server implementation of the Jabber Protocol, also known as XMPP.
Jabberd2 2.2.16 and earlier implement the XMPP protocol incorrectly: s2s/out.c does not verify that a request was made for an XMPP Server Dialback response, which allows a remote XMPP server to spoof domains via a Verify Response or an Authorization Response.
<* Source: vendor
Link: http://secunia.com/advisories/50124
http://www.openwall.com/lists/oss-security/2012/08/22/5
*>
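The missing check described above, sketched as an added example (not jabberd2 code and not the vendor's patch): a server records each dialback request it sends and accepts a Verify Response or Authorization Response only when it matches one. The table layout, function names and `.example` domains are assumptions made for illustration.

```c
#include <string.h>

/* Hypothetical model, not jabberd2 code: remembers the dialback requests
 * this server has sent so that unsolicited responses can be rejected. */
#define MAX_PENDING 16
#define FIELD_LEN 128

enum db_kind { DB_RESULT, DB_VERIFY };  /* Authorization vs. Verify exchange */

struct pending {
    int used;
    enum db_kind kind;
    char local[FIELD_LEN], remote[FIELD_LEN], id[FIELD_LEN];
};
static struct pending table[MAX_PENDING];

static int fits(const char *s) { return s != NULL && strlen(s) < FIELD_LEN; }

/* Record a <db:result/> or <db:verify/> request we sent (id is "" for db:result). */
int db_request_sent(enum db_kind kind, const char *local, const char *remote, const char *id) {
    if (!fits(local) || !fits(remote) || !fits(id)) return 0;
    for (int i = 0; i < MAX_PENDING; i++) {
        if (table[i].used) continue;
        table[i].used = 1;
        table[i].kind = kind;
        strcpy(table[i].local, local);
        strcpy(table[i].remote, remote);
        strcpy(table[i].id, id);
        return 1;
    }
    return 0;  /* table full: fail closed, no request is tracked */
}

/* Return 1 only when the response answers a request we made; consume the entry
 * so the same response cannot be accepted twice. */
int db_response_expected(enum db_kind kind, const char *local, const char *remote, const char *id) {
    if (!fits(local) || !fits(remote) || !fits(id)) return 0;
    for (int i = 0; i < MAX_PENDING; i++) {
        struct pending *p = &table[i];
        if (p->used && p->kind == kind && strcmp(p->local, local) == 0 &&
            strcmp(p->remote, remote) == 0 && strcmp(p->id, id) == 0) {
            p->used = 0;
            return 1;
        }
    }
    return 0;  /* unsolicited: drop it and leave the domain unverified */
}
```

A response that returns 0 here should be discarded without changing the verification state of the claimed domain.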
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Jabberd
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://jabberd.jabberstudio.org/