Date:      Mon, 4 May 2009 14:12:09 GMT
From:      Mark Foster <mark@foster.cc>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/134207: vuxml submission for net-im/openfire
Message-ID:  <200905041412.n44EC9oa072396@www.freebsd.org>
Resent-Message-ID: <200905041420.n44EK3ZC061205@freefall.freebsd.org>

>Number:         134207
>Category:       ports
>Synopsis:       vuxml submission for net-im/openfire
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 04 14:20:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mark Foster
>Release:        7.1 RELEASE
>Organization:
Credentia
>Environment:
>Description:

>How-To-Repeat:

>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="e3e30d99-58a8-4a3f-8059-a8b7cd59b881">
     <topic>openfire -- Openfire No Password Changes Security Bypass</topic>
     <affects>
       <package>
         <name>openfire</name>
         <range><eq>3.6.3</eq></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>Secunia reports:</p>
         <blockquote cite="http://secunia.com/advisories/34984/">
           <p>A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sending jabber:iq:auth passwd_change requests to the server.</p>
         </blockquote>
       </body>
     </description>
     <references>
       <url>http://secunia.com/advisories/34984/</url>
     </references>
     <dates>
       <discovery>2009-05-04</discovery>
       <entry>2009-05-04</entry>
     </dates>
   </vuln>
</vuxml>



>Release-Note:
>Audit-Trail:
>Unformatted:


