jabberd2 2.4.0

CPE Details

jabberd2 2.4.0
jabberd2
jabberd2
2.4.0
2019-09-26
15h00 +00:00
2019-09-26
15h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jabberd2:jabberd2:2.4.0:*:*:*:*:*:*:*

Informations

Vendor

jabberd2

Product

jabberd2

Version

2.4.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-18225 2018-03-12 03h00 +00:00 The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
7.8
High
CVE-2017-18226 2018-03-12 03h00 +00:00 The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
5.5
Medium
CVE-2017-10807 2017-07-04 13h00 +00:00 JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
9.8
Critical