jabberd2 2.3.3

CPE Details

jabberd2 2.3.3
jabberd2
jabberd2
2.3.3
2019-09-26
15h00 +00:00
2019-09-26
15h00 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:jabberd2:jabberd2:2.3.3:*:*:*:*:*:*:*

Informations

Vendor

jabberd2

Product

jabberd2

Version

2.3.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2017-18225 2018-03-12 03h00 +00:00 The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
7.8
Haute
CVE-2017-18226 2018-03-12 03h00 +00:00 The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
5.5
Moyen
CVE-2017-10807 2017-07-04 13h00 +00:00 JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
9.8
Critique