ID B84A992A-12AB-11DD-BAB7-0016179B2DD5 Type freebsd Reporter FreeBSD Modified 2008-04-10T00:00:00
Description
Secunia reports:
A vulnerability has been reported in Openfire, which can be
exploited by malicious people to cause a Denial of Service.
The vulnerability is caused due to an unspecified error and can be
exploited to cause a Denial of Service.
{"id": "B84A992A-12AB-11DD-BAB7-0016179B2DD5", "bulletinFamily": "unix", "title": "openfire -- unspecified denial of service", "description": "\nSecunia reports:\n\nA vulnerability has been reported in Openfire, which can be\n\t exploited by malicious people to cause a Denial of Service.\nThe vulnerability is caused due to an unspecified error and can be\n\t exploited to cause a Denial of Service.\n\n", "published": "2008-04-10T00:00:00", "modified": "2008-04-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "href": "https://vuxml.freebsd.org/freebsd/b84a992a-12ab-11dd-bab7-0016179b2dd5.html", "reporter": "FreeBSD", "references": ["http://secunia.com/advisories/29751", "http://www.igniterealtime.org/issues/browse/JM-1289"], "cvelist": ["CVE-2008-1728"], "type": "freebsd", "lastseen": "2019-05-29T18:34:26", "edition": 4, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1728"]}, {"type": "openvas", "idList": ["OPENVAS:61918", "OPENVAS:60888", "OPENVAS:60870"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_937ADF01B64A11DDA55E00163E000016.NASL", "FREEBSD_PKG_B84A992A12AB11DDBAB70016179B2DD5.NASL", "GENTOO_GLSA-200804-26.NASL", "OPENFIRE_3_5_0.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8941", "SECURITYVULNS:DOC:19721"]}, {"type": "gentoo", "idList": ["GLSA-200804-26"]}, {"type": "freebsd", "idList": ["937ADF01-B64A-11DD-A55E-00163E000016"]}], "modified": "2019-05-29T18:34:26", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2019-05-29T18:34:26", "rev": 2}, "vulnersScore": 5.6}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "openfire", "packageVersion": "3.5.0"}], "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:35:13", "description": "ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.", "edition": 4, "cvss3": {}, "published": "2008-04-11T19:05:00", "title": "CVE-2008-1728", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1728"], "modified": "2017-08-08T01:30:00", "cpe": ["cpe:/a:ignite_realtime:openfire:3.4.5"], "id": "CVE-2008-1728", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1728", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ignite_realtime:openfire:3.4.5:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1728"], "description": "### Background\n\nOpenfire (formerly Wildfire) is a Java implementation of a complete Jabber server. \n\n### Description\n\nOpenfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer. \n\n### Impact\n\nRemote authenticated attackers could trigger large outgoing queues without reading messages, causing a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Openfire users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/openfire-3.5.0\"", "edition": 1, "modified": "2008-04-23T00:00:00", "published": "2008-04-23T00:00:00", "id": "GLSA-200804-26", "href": "https://security.gentoo.org/glsa/200804-26", "type": "gentoo", "title": "Openfire: Denial of Service", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1728"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-26.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:60870", "href": "http://plugins.openvas.org/nasl.php?oid=60870", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200804-26 (openfire)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A design error in Openfire might lead to a Denial of Service.\";\ntag_solution = \"All Openfire users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/openfire-3.5.0'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-26\nhttp://bugs.gentoo.org/show_bug.cgi?id=217234\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-26.\";\n\n \n\nif(description)\n{\n script_id(60870);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1728\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200804-26 (openfire)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-im/openfire\", unaffected: make_list(\"ge 3.5.0\"), vulnerable: make_list(\"lt 3.5.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1728"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:60888", "href": "http://plugins.openvas.org/nasl.php?oid=60888", "type": "openvas", "title": "FreeBSD Ports: openfire", "sourceData": "#\n#VID b84a992a-12ab-11dd-bab7-0016179b2dd5\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openfire\n\nCVE-2008-1728\nConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows\nremote attackers to cause a denial of service (daemon outage) by\ntriggering large outgoing queues without reading messages.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/29751\nhttp://www.igniterealtime.org/issues/browse/JM-1289\nhttp://www.vuxml.org/freebsd/b84a992a-12ab-11dd-bab7-0016179b2dd5.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60888);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-1728\");\n script_bugtraq_id(28722);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: openfire\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openfire\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5.0\")<0) {\n txt += 'Package openfire version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-6509", "CVE-2008-6508", "CVE-2008-6511", "CVE-2008-1728", "CVE-2008-6510", "CVE-2009-1595"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-11-24T00:00:00", "id": "OPENVAS:61918", "href": "http://plugins.openvas.org/nasl.php?oid=61918", "type": "openvas", "title": "FreeBSD Ports: openfire", "sourceData": "#\n#VID 937adf01-b64a-11dd-a55e-00163e000016\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 937adf01-b64a-11dd-a55e-00163e000016\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openfire\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt\nhttp://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html\nhttp://secunia.com/Advisories/32478/\nhttp://www.vuxml.org/freebsd/937adf01-b64a-11dd-a55e-00163e000016.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(61918);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-24 23:46:43 +0100 (Mon, 24 Nov 2008)\");\n script_cve_id(\"CVE-2008-6510\", \"CVE-2008-6511\", \"CVE-2008-6508\", \"CVE-2009-1595\", \"CVE-2008-1728\", \"CVE-2008-6509\");\n script_name(\"FreeBSD Ports: openfire\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openfire\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6.1\")<0) {\n txt += 'Package openfire version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "cvelist": ["CVE-2008-1728"], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200804-26\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Openfire: Denial of Service\r\n Date: April 23, 2008\r\n Bugs: #217234\r\n ID: 200804-26\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nA design error in Openfire might lead to a Denial of Service.\r\n\r\nBackground\r\n==========\r\n\r\nOpenfire (formerly Wildfire) is a Java implementation of a complete\r\nJabber server.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 net-im/openfire < 3.5.0 >= 3.5.0\r\n\r\nDescription\r\n===========\r\n\r\nOpenfire's connection manager in the file ConnectionManagerImpl.java\r\ncannot handle clients that fail to read messages, and has no limit on\r\ntheir session's send buffer.\r\n\r\nImpact\r\n======\r\n\r\nRemote authenticated attackers could trigger large outgoing queues\r\nwithout reading messages, causing a Denial of Service.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Openfire users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=net-im/openfire-3.5.0"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-1728\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1728\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200804-26.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2008 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "edition": 1, "modified": "2008-04-24T00:00:00", "published": "2008-04-24T00:00:00", "id": "SECURITYVULNS:DOC:19721", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19721", "title": "[ GLSA 200804-26 ] Openfire: Denial of Service", "type": "securityvulns", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-1728"], "description": "Memory exhaustion if client fails to receive messages.", "edition": 1, "modified": "2008-04-24T00:00:00", "published": "2008-04-24T00:00:00", "id": "SECURITYVULNS:VULN:8941", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8941", "title": "OpenFire jabber server DoS", "type": "securityvulns", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:52:21", "description": "The remote host is affected by the vulnerability described in GLSA-200804-26\n(Openfire: Denial of Service)\n\n Openfire's connection manager in the file ConnectionManagerImpl.java\n cannot handle clients that fail to read messages, and has no limit on\n their session's send buffer.\n \nImpact :\n\n Remote authenticated attackers could trigger large outgoing queues\n without reading messages, causing a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2008-04-25T00:00:00", "title": "GLSA-200804-26 : Openfire: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1728"], "modified": "2008-04-25T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:openfire"], "id": "GENTOO_GLSA-200804-26.NASL", "href": "https://www.tenable.com/plugins/nessus/32046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-26.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32046);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1728\");\n script_xref(name:\"GLSA\", value:\"200804-26\");\n\n script_name(english:\"GLSA-200804-26 : Openfire: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-26\n(Openfire: Denial of Service)\n\n Openfire's connection manager in the file ConnectionManagerImpl.java\n cannot handle clients that fail to read messages, and has no limit on\n their session's send buffer.\n \nImpact :\n\n Remote authenticated attackers could trigger large outgoing queues\n without reading messages, causing a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Openfire users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/openfire-3.5.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openfire\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/openfire\", unaffected:make_list(\"ge 3.5.0\"), vulnerable:make_list(\"lt 3.5.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Openfire\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-04-01T04:54:51", "description": "The remote host is running Openfire / Wildfire, an instant messaging\nserver supporting the XMPP protocol.\n\nAccording to its version, the installation of Openfire or Wildfire on\nthe remote host suffers from a denial of service vulnerability that\ncould bring the server down because it has no limit on a client\nsession's send buffer and can not handle clients that fail to read\nmessages.", "edition": 28, "published": "2008-04-11T00:00:00", "title": "Openfire < 3.5.0 ConnectionManagerImpl.java Queue Handling Remote DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1728"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:igniterealtime:openfire"], "id": "OPENFIRE_3_5_0.NASL", "href": "https://www.tenable.com/plugins/nessus/31855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31855);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2008-1728\");\n script_bugtraq_id(28722);\n script_xref(name:\"Secunia\", value:\"29751\");\n\n script_name(english:\"Openfire < 3.5.0 ConnectionManagerImpl.java Queue Handling Remote DoS\");\n script_summary(english:\"Checks version in admin login page\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is prone to a denial of\nservice attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Openfire / Wildfire, an instant messaging\nserver supporting the XMPP protocol.\n\nAccording to its version, the installation of Openfire or Wildfire on\nthe remote host suffers from a denial of service vulnerability that\ncould bring the server down because it has no limit on a client\nsession's send buffer and can not handle clients that fail to read\nmessages.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.igniterealtime.org/issues/browse/JM-1289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2008/04/10/7\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Openfire version 3.5.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:igniterealtime:openfire\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Denial of Service\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 9090);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n# nb: banner checks of open source software are prone to false-\n# positives so only run the check if reporting is paranoid.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:9090);\n\n# Grab the version from the admin console's login page.\nw = http_send_recv3(method:\"GET\", item:\"/login.jsp?url=%2Findex.jsp\", port:port);\nif (isnull(w)) exit(1, \"the web server on port \"+port+\" did not answer\");\nres = w[2];\n\nif (\n 'id=\"jive-loginVersion\">' >< res &&\n (\n \"<title>Openfire Admin Console\" >< res &&\n \"Openfire, Version: \" >< res\n ) ||\n (\n \"<title>Wildfire Admin Console\" >< res &&\n \"Wildfire, Version: \" >< res\n )\n)\n{\n prod = strstr(res, \"<title>\") - \"<title>\";\n prod = prod - strstr(prod, \" Admin Console</title>\");\n\n ver = strstr(res, \"fire, Version: \") - \"fire, Version: \";\n if (ver) ver = ver - strstr(ver, '\\n');\n\n # The issue was addressed in version 3.5.0 so treat any\n # versions before that as vulnerable.\n if (\n strlen(ver) && ver =~ \"^([0-2]\\.|3\\.[0-4]\\.)\" &&\n prod =~ \"^(Open|Wild)fire$\"\n )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n prod, \" version \", ver, \" is installed on the remote host.\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:49:22", "description": "Secunia reports :\n\nA vulnerability has been reported in Openfire, which can be exploited\nby malicious people to cause a Denial of Service.\n\nThe vulnerability is caused due to an unspecified error and can be\nexploited to cause a Denial of Service.", "edition": 25, "published": "2008-04-28T00:00:00", "title": "FreeBSD : openfire -- unspecified denial of service (b84a992a-12ab-11dd-bab7-0016179b2dd5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1728"], "modified": "2008-04-28T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:openfire"], "id": "FREEBSD_PKG_B84A992A12AB11DDBAB70016179B2DD5.NASL", "href": "https://www.tenable.com/plugins/nessus/32069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32069);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1728\");\n script_bugtraq_id(28722);\n script_xref(name:\"Secunia\", value:\"29751\");\n\n script_name(english:\"FreeBSD : openfire -- unspecified denial of service (b84a992a-12ab-11dd-bab7-0016179b2dd5)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been reported in Openfire, which can be exploited\nby malicious people to cause a Denial of Service.\n\nThe vulnerability is caused due to an unspecified error and can be\nexploited to cause a Denial of Service.\"\n );\n # http://www.igniterealtime.org/issues/browse/JM-1289\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.igniterealtime.org/browse/JM-1289\"\n );\n # https://vuxml.freebsd.org/freebsd/b84a992a-12ab-11dd-bab7-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?275e295e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openfire\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openfire<3.5.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:47:34", "description": "Andreas Kurtz reports :\n\nThe jabber server Openfire (<= version 3.6.0a) contains several\nserious vulnerabilities. Depending on the particular runtime\nenvironment these issues can potentially even be used by an attacker\nto execute code on operating system level.\n\n- Authentication bypass - This vulnerability provides an attacker full\naccess to all functions in the admin webinterface without providing\nany user credentials. The Tomcat filter which is responsible for\nauthentication could be completely circumvented.\n\n- SQL injection - It is possible to pass SQL statements to the backend\ndatabase through a SQL injection vulnerability. Depending on the\nparticular runtime environment and database permissions it is even\npossible to write files to disk and execute code on operating system\nlevel.\n\n- Multiple Cross-Site Scripting - Permits arbitrary insertion of HTML-\nand JavaScript code in login.jsp. An attacker could also manipulate a\nparameter to specify a destination to which a user will be forwarded\nto after successful authentication.", "edition": 26, "published": "2008-11-21T00:00:00", "title": "FreeBSD : openfire -- multiple vulnerabilities (937adf01-b64a-11dd-a55e-00163e000016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-6509", "CVE-2008-6508", "CVE-2008-6511", "CVE-2008-1728", "CVE-2008-6510", "CVE-2009-1595"], "modified": "2008-11-21T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:openfire"], "id": "FREEBSD_PKG_937ADF01B64A11DDA55E00163E000016.NASL", "href": "https://www.tenable.com/plugins/nessus/34839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34839);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1728\", \"CVE-2008-6508\", \"CVE-2008-6509\", \"CVE-2008-6510\", \"CVE-2008-6511\", \"CVE-2009-1595\");\n\n script_name(english:\"FreeBSD : openfire -- multiple vulnerabilities (937adf01-b64a-11dd-a55e-00163e000016)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andreas Kurtz reports :\n\nThe jabber server Openfire (<= version 3.6.0a) contains several\nserious vulnerabilities. Depending on the particular runtime\nenvironment these issues can potentially even be used by an attacker\nto execute code on operating system level.\n\n- Authentication bypass - This vulnerability provides an attacker full\naccess to all functions in the admin webinterface without providing\nany user credentials. The Tomcat filter which is responsible for\nauthentication could be completely circumvented.\n\n- SQL injection - It is possible to pass SQL statements to the backend\ndatabase through a SQL injection vulnerability. Depending on the\nparticular runtime environment and database permissions it is even\npossible to write files to disk and execute code on operating system\nlevel.\n\n- Multiple Cross-Site Scripting - Permits arbitrary insertion of HTML-\nand JavaScript code in login.jsp. An attacker could also manipulate a\nparameter to specify a destination to which a user will be forwarded\nto after successful authentication.\"\n );\n # http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf579d52\"\n );\n # http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95350c3a\"\n );\n # http://secunia.com/Advisories/32478/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com/Advisories/32478/\"\n );\n # https://vuxml.freebsd.org/freebsd/937adf01-b64a-11dd-a55e-00163e000016.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f03a81ff\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Openfire Admin Console Authentication Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 22, 79, 89, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openfire\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openfire<3.6.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:21", "bulletinFamily": "unix", "cvelist": ["CVE-2008-6509", "CVE-2008-6508", "CVE-2008-6511", "CVE-2008-1728", "CVE-2008-6510", "CVE-2009-1595"], "description": "\nAndreas Kurtz reports:\n\nThe jabber server Openfire (<= version 3.6.0a) contains several\n\t serious vulnerabilities. Depending on the particular runtime\n\t environment these issues can potentially even be used by an\n\t attacker to execute code on operating system level.\n\nAuthentication bypass - This vulnerability provides an attacker\n\t full access to all functions in the admin webinterface without\n\t providing any user credentials. The Tomcat filter which is\n\t responsible for authentication could be completely\n\t circumvented.\nSQL injection - It is possible to pass SQL statements to the\n\t backend database through a SQL injection vulnerability. Depending\n\t on the particular runtime environment and database permissions it\n\t is even possible to write files to disk and execute code on\n\t operating system level.\nMultiple Cross-Site Scripting - Permits arbitrary insertion\n\t of HTML- and JavaScript code in login.jsp. An attacker could\n\t also manipulate a parameter to specify a destination to which a\n\t user will be forwarded to after successful authentication.\n\n\n", "edition": 4, "modified": "2010-05-02T00:00:00", "published": "2008-11-07T00:00:00", "id": "937ADF01-B64A-11DD-A55E-00163E000016", "href": "https://vuxml.freebsd.org/freebsd/937adf01-b64a-11dd-a55e-00163e000016.html", "title": "openfire -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}