ID OPENVAS:1361412562310868918 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'smack' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for smack FEDORA-2015-0046
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata registration. When the script is run with `description` set, only
# the calls below are executed and the script exits before the package check.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.868918");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2015-01-12 05:51:58 +0100 (Mon, 12 Jan 2015)");
# Two CVEs are attached to this one check, but only a single CVSS v2 score and
# vector follow. NOTE(review): the value is reported for the check as a whole;
# triage each CVE against its own record rather than against this number.
script_cve_id("CVE-2014-0364", "CVE-2014-0363");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_name("Fedora Update for smack FEDORA-2015-0046");
# The summary value spans two source lines, so the string contains a newline.
script_tag(name:"summary", value:"The remote host is missing an update for the 'smack'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"affected", value:"smack on Fedora 21");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_xref(name:"FEDORA", value:"2015-0046");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147885.html");
script_tag(name:"solution_type", value:"VendorFix");
# qod_type "package": the finding rests on the installed package version, not
# on probing the library's behaviour.
# NOTE(review): copies of the library bundled inside applications are
# presumably not covered by an RPM-level check - confirm before treating a
# clean result as "not affected".
script_tag(name:"qod_type", value:"package");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# Requires the ssh/login/* knowledge-base entries and a release matching FC21;
# presumably these are filled in by gather-package-list.nasl after an
# authenticated login - verify against that script.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC21");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Package check: compare the installed 'smack' RPM with the fixed build and
# report when isrpmvuln() returns a result.
# rpm_get_ssh_release() and isrpmvuln() are not defined in this file; they
# presumably come from the included pkg-lib-rpm.inc - confirm there.
release = rpm_get_ssh_release();
# No release string means nothing to compare against; exit without a result.
if(!release)
exit(0);
res = "";
if(release == "FC21")
{
# "smack~4.0.6~1.fc21" uses '~' between name, version and release; it appears
# to denote the fixed package smack-4.0.6-1.fc21 named in the advisory title.
# NOTE(review): presumably isrpmvuln() returns report text only when an older
# build is installed - verify in pkg-lib-rpm.inc.
if ((res = isrpmvuln(pkg:"smack", rpm:"smack~4.0.6~1.fc21", rls:"FC21")) != NULL)
{
security_message(data:res);
exit(0);
}
# __pkg_match is not assigned in this file; presumably the library sets it when
# the package was found installed, so exit(99) marks "installed and not
# vulnerable", while the final exit(0) covers "package not installed".
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310868918", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for smack FEDORA-2015-0046", "description": "The remote host is missing an update for the ", "published": "2015-01-12T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868918", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["2015-0046", "https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147885.html"], "cvelist": ["CVE-2014-0363", "CVE-2014-0364"], "lastseen": "2019-05-29T18:36:07", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-0046", "CVE-2014-0363", "CVE-2014-0364"]}, {"type": "cert", "idList": ["VU:489228"]}, {"type": "fedora", "idList": ["FEDORA:EF85D6087BB0", "FEDORA:BB4CC60CA23D", "FEDORA:97DDB6087C7B"]}, {"type": "redhat", "idList": ["RHSA-2014:0819", "RHSA-2015:1176", "RHSA-2015:0046", "RHSA-2014:0818"]}, {"type": "nessus", "idList": ["FEDORA_2014-16383.NASL", "FEDORA_2014-16312.NASL", "FEDORA_2015-0046.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868607", "OPENVAS:1361412562310868719"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31001"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-0046"]}], "modified": "2019-05-29T18:36:07", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2019-05-29T18:36:07", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "1361412562310868918", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smack FEDORA-2015-0046\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public 
License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868918\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-12 05:51:58 +0100 (Mon, 12 Jan 2015)\");\n script_cve_id(\"CVE-2014-0364\", \"CVE-2014-0363\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for smack FEDORA-2015-0046\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'smack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"smack on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-0046\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147885.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"smack\", rpm:\"smack~4.0.6~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-25T14:08:02", "description": "The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.", "edition": 7, "cvss3": {}, "published": "2014-04-30T10:49:00", "title": "CVE-2014-0363", "type": "cve", "cwe": ["CWE-295"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0363"], "modified": "2021-02-23T16:12:00", "cpe": [], "id": "CVE-2014-0363", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0363", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-25T14:08:02", "description": "The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.", "edition": 7, "cvss3": {}, "published": "2014-04-30T10:49:00", "title": "CVE-2014-0364", "type": "cve", "cwe": ["CWE-345"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0364"], "modified": "2021-02-23T16:13:00", "cpe": [], "id": "CVE-2014-0364", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0364", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0363", "CVE-2014-0364"], "description": "Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices. ", "modified": "2015-01-11T10:57:16", "published": "2015-01-11T10:57:16", "id": "FEDORA:EF85D6087BB0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: smack-4.0.6-1.fc21", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0363"], "description": "Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices. ", "modified": "2014-12-13T09:34:53", "published": "2014-12-13T09:34:53", "id": "FEDORA:BB4CC60CA23D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: smack-3.2.2-8.fc21", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0363", "CVE-2014-5075"], "description": "Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence. 
A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices. ", "modified": "2014-12-15T04:29:51", "published": "2014-12-15T04:29:51", "id": "FEDORA:97DDB6087C7B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: smack-3.2.2-6.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:41:30", "bulletinFamily": "info", "cvelist": ["CVE-2014-0363", "CVE-2014-0364"], "description": "### Overview \n\nIgnite Realtime's Smack XMPP API `ServerTrustManger` trusts unauthorized SSL certificates ([CWE-358](<https://cwe.mitre.org/data/definitions/358.html>)) and IQ requests do not verify the `from` attribute allowing anyone to spoof IQ responses. ([CWE-345](<https://cwe.mitre.org/data/definitions/345.html>))\n\n### Description \n\n**CWE-358: ****Improperly Implemented Security Check for Standard**** \\- CVE-2014-0363**\n\nThe implementation of `ServerTrustManger` in Smack API version 3.4.1, and possibly earlier versions, does not properly verify the `basicConstraints` and `nameConstraints` of a certificate within a certificate chain. \n \n**CWE-345: Insufficient Verification of Data Authenticity - CVE-2014-0364** \nThe implementation of `ParseRoster` in Smack API version 3.4.1, and possibly earlier versions, does not properly verify the `from` attribute for roster queries. \n \nThe CVSS score below is for CVE-2014-0363. \n \n--- \n \n### Impact \n\nA remote unauthenticated attacker may be able to perform a man-in-the-middle attack, add roster entries or spoof IQ responses. \n \n--- \n \n### Solution \n\n**Apply an Update** \n \n[Smack API version 4.0.0](<http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released>) addresses these vulnerabilities. At the time of publication only a release candidate for version 4.0.0 was available. 
\n \n--- \n \n### Vendor Information\n\n489228\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Ignite Realtime Affected\n\nUpdated: April 29, 2014 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.igniterealtime.org/projects/smack/>\n * <http://issues.igniterealtime.org/browse/SMACK-410>\n * <http://issues.igniterealtime.org/browse/SMACK-533>\n * <http://issues.igniterealtime.org/browse/SMACK-538>\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 5.7 | AV:A/AC:M/Au:N/C:C/I:N/A:N \nTemporal | 4.5 | E:POC/RL:OF/RC:C \nEnvironmental | 5.5 | CDP:LM/TD:M/CR:H/IR:L/AR:L \n \n \n\n\n### References \n\n * <http://www.igniterealtime.org/projects/smack/>\n * <http://issues.igniterealtime.org/browse/SMACK-410>\n * <http://issues.igniterealtime.org/browse/SMACK-533>\n * <http://issues.igniterealtime.org/browse/SMACK-538>\n * <https://cwe.mitre.org/data/definitions/358.html>\n * <https://cwe.mitre.org/data/definitions/345.html>\n\n### Acknowledgements\n\nThanks to Ryan Sleevi for identifying the vulnerability in ServerTrustManager and Thijs Alkemade for identifying the IQ validation vulnerability and Florian Schmaus for reporting this vulnerability.\n\nThis document was written by Jared Allar.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2014-0363](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-0363>), [CVE-2014-0364](<http://web.nvd.nist.gov/vuln/detail/CVE-2014-0364>) \n---|--- \n**Date Public:** | 2014-04-29 \n**Date First Published:** | 2014-04-29 \n**Date Last Updated: ** | 2014-04-29 14:11 UTC \n**Document Revision: ** | 16 \n", "modified": "2014-04-29T14:11:00", 
"published": "2014-04-29T00:00:00", "id": "VU:489228", "href": "https://www.kb.cert.org/vuls/id/489228", "type": "cert", "title": "Ignite Realtime Smack XMPP API contains multiple vulnerabilities", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2019-05-29T14:33:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0107", "CVE-2014-0363", "CVE-2014-0364"], "description": "Red Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes.\n\nThis release of Red Hat JBoss BPM Suite 6.0.2 serves as a replacement for\nRed Hat JBoss BPM Suite 6.0.1, and includes bug fixes and enhancements.\nRefer to the Red Hat JBoss BPM Suite 6.0.2 Release Notes for information\non the most significant of these changes. The Release Notes will be\navailable shortly at\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BPM_Suite/\n\nThe following security issues are fixed with this release:\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features. A\nremote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the ServerTrustManager in the Smack XMPP API did not\nverify basicConstraints and nameConstraints in X.509 certificate chains. A\nman-in-the-middle attacker could use this flaw to spoof servers and obtain\nsensitive information. 
(CVE-2014-0363)\n\nIt was found that the ParseRoster component in the Smack XMPP API did not\nverify the From attribute of a roster-query IQ stanza. A remote attacker\ncould use this flaw to spoof IQ responses. (CVE-2014-0364)\n\nAll users of Red Hat JBoss BPM Suite 6.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss BPM Suite 6.0.2.", "modified": "2019-02-20T17:16:11", "published": "2014-07-01T00:43:02", "id": "RHSA-2014:0819", "href": "https://access.redhat.com/errata/RHSA-2014:0819", "type": "redhat", "title": "(RHSA-2014:0819) Important: Red Hat JBoss BPM Suite 6.0.2 update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:35:36", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0107", "CVE-2014-0193", "CVE-2014-0363", "CVE-2014-0364"], "description": "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss Rules.\n\nThis release of Red Hat JBoss BRMS 6.0.2 serves as a replacement for Red\nHat JBoss BRMS 6.0.1, and includes bug fixes and enhancements. Refer to the\nRed Hat JBoss BRMS 6.0.2 Release Notes for information on the most\nsignificant of these changes. The Release Notes will be available shortly\nat https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BRMS/\n\nThe following security issues are fixed with this release:\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. 
Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the ServerTrustManager in the Smack XMPP API did not\nverify basicConstraints and nameConstraints in X.509 certificate chains.\nA man-in-the-middle attacker could use this flaw to spoof servers and\nobtain sensitive information. (CVE-2014-0363)\n\nIt was found that the ParseRoster component in the Smack XMPP API did not\nverify the From attribute of a roster-query IQ stanza. A remote attacker\ncould use this flaw to spoof IQ responses. (CVE-2014-0364)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that could\nallow a remote attacker to trigger an Out Of Memory Exception by issuing a\nseries of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on\nthe server configuration, this could lead to a denial of service.\n(CVE-2014-0193)\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue.\n\nAll users of Red Hat JBoss BRMS 6.0.1 as provided from the Red Hat Customer\nPortal are advised to upgrade to Red Hat JBoss BRMS 6.0.2.", "modified": "2019-02-20T17:16:11", "published": "2014-07-01T00:42:20", "id": "RHSA-2014:0818", "href": "https://access.redhat.com/errata/RHSA-2014:0818", "type": "redhat", "title": "(RHSA-2014:0818) Important: Red Hat JBoss BRMS 6.0.2 update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:32:18", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2487", "CVE-2012-6153", "CVE-2013-7397", "CVE-2013-7398", "CVE-2014-0363", "CVE-2014-0364", "CVE-2014-3577", "CVE-2014-4651", "CVE-2014-5075", "CVE-2014-8175", "CVE-2015-0226", "CVE-2015-0227", "CVE-2015-1796", "CVE-2016-3088"], "description": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus 
and integration platform.\n\nThe following security fixes are addressed in this release:\n\nIt was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate. (CVE-2013-7397)\n\nIt was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2013-7398)\n\nIt was found that the ServerTrustManager in the Smack XMPP API did not\nverify basicConstraints and nameConstraints in X.509 certificate chains. A\nman-in-the-middle attacker could use this flaw to spoof servers and obtain\nsensitive information. (CVE-2014-0363)\n\nIt was found that the ParseRoster component in the Smack XMPP API did not\nverify the From attribute of a roster-query IQ stanza. A remote attacker\ncould use this flaw to spoof IQ responses. (CVE-2014-0364)\n\nIt was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577)\n\nIt was found that the JClouds scriptbuilder Statements class writes a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, denial of service, or other attacks. (CVE-2014-4651)\n\nIt was found that SSLSocket in Smack did not perform hostname verification. An attacker could redirect traffic between an application and an XMPP server by providing a valid certificate for a domain under the attacker's control. 
(CVE-2014-5075)\n\nIt was found that JBoss Fuse would allow any user defined in the users.properties file to access the HawtIO console without having a valid admin role. This could allow a remote attacker to bypass intended authentication HawtIO console access restrictions. (CVE-2014-8175)\n\nIt was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2015-0226)\n\nIt was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. (CVE-2015-0227)\n\nIt was found that PKIX trust components allowed an X509 credential to be trusted if no trusted names were available for the entityID. An attacker could use a certificate issued by a shibmd:KeyAuthority trust anchor to impersonate an entity within the scope of that keyAuthority. (CVE-2015-1796)\n\nThe CVE-2014-8175 issue was reported by Jay Kumar SenSharma of Red Hat.", "modified": "2019-10-10T20:35:31", "published": "2015-06-23T20:46:09", "id": "RHSA-2015:1176", "href": "https://access.redhat.com/errata/RHSA-2015:1176", "type": "redhat", "title": "(RHSA-2015:1176) Important: Red Hat JBoss Fuse 6.2.0 update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:13:09", "description": "update to 4.0.6. fix CVE-2014-0364\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-01-12T00:00:00", "title": "Fedora 21 : smack-4.0.6-1.fc21 (2015-0046)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0364"], "modified": "2015-01-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:smack"], "id": "FEDORA_2015-0046.NASL", "href": "https://www.tenable.com/plugins/nessus/80448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-0046.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80448);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0364\");\n script_bugtraq_id(67124);\n script_xref(name:\"FEDORA\", value:\"2015-0046\");\n\n script_name(english:\"Fedora 21 : smack-4.0.6-1.fc21 (2015-0046)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update to 4.0.6. fix CVE-2014-0364\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1093276\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147885.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20bc95d8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected smack package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"smack-4.0.6-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"smack\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:12:21", "description": "fix for CVE-2014-0363 (rhbz#1093274)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-12-15T00:00:00", "title": "Fedora 21 : smack-3.2.2-8.fc21 (2014-16312)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0363"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:smack"], "id": "FEDORA_2014-16312.NASL", "href": "https://www.tenable.com/plugins/nessus/79931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16312.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79931);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0363\");\n script_xref(name:\"FEDORA\", value:\"2014-16312\");\n\n script_name(english:\"Fedora 21 : smack-3.2.2-8.fc21 (2014-16312)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix for CVE-2014-0363 (rhbz#1093274)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1093273\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145995.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3a19939\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected smack package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"smack-3.2.2-8.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"smack\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:12:22", "description": "fix for CVE-2014-0363 (rhbz#1093274)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-12-15T00:00:00", "title": "Fedora 20 : smack-3.2.2-6.fc20 (2014-16383)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0363"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:smack"], "id": "FEDORA_2014-16383.NASL", "href": "https://www.tenable.com/plugins/nessus/79939", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16383.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79939);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0363\");\n script_xref(name:\"FEDORA\", value:\"2014-16383\");\n\n script_name(english:\"Fedora 20 : smack-3.2.2-6.fc20 (2014-16383)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix for CVE-2014-0363 (rhbz#1093274)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1093273\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146206.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f7ff5e0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected smack package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:smack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"smack-3.2.2-6.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"smack\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0363"], "description": "The remote host is missing an update for the 'smack' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868719", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868719", "type": "openvas", "title": "Fedora Update for smack FEDORA-2014-16312", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smack FEDORA-2014-16312\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868719\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:46:28 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-0363\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for smack FEDORA-2014-16312\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'smack'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"smack on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16312\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145995.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"smack\", rpm:\"smack~3.2.2~8.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5075", "CVE-2014-0363"], "description": "Check the version of smack", "modified": "2019-03-15T00:00:00", "published": "2014-12-15T00:00:00", "id": "OPENVAS:1361412562310868607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868607", "type": "openvas", "title": "Fedora Update for smack FEDORA-2014-16383", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for smack FEDORA-2014-16383\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868607\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-15 05:56:52 +0100 (Mon, 15 Dec 2014)\");\n script_cve_id(\"CVE-2014-0363\", \"CVE-2014-5075\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for smack FEDORA-2014-16383\");\n script_tag(name:\"summary\", value:\"Check the version of smack\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"smack on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16383\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146206.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release 
== \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"smack\", rpm:\"smack~3.2.2~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-5075", "CVE-2014-0363"], "description": "\r\n\r\nCVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java\r\n===================================================================\r\n\r\nSmack <http://www.igniterealtime.org/projects/smack/> is an Open Source\r\nXMPP (Jabber) client library for instant messaging and presence written\r\nin Java. Smack prior to version 4.0.2 is vulnerable to TLS\r\nMan-in-the-Middle attacks, as it fails to check if the server\r\ncertificate matches the hostname of the connection.\r\n\r\nAffected versions\r\n-----------------\r\n\r\n- Smack 4.0.0 and 4.0.1 are vulnerable.\r\n- Smack 2.x and 3.x are vulnerable if a custom `SSLContext` is\r\n supplied via `connectionConfiguration.setCustomSSLContext()`.\r\n\r\nDetails\r\n-------\r\n\r\nSmack is using Java's `SSLSocket`, which checks the peer certificate\r\nusing an `X509TrustManager`, but does not perform hostname verification.\r\nTherefore, it is possible to redirect the traffic between a Smack-using\r\napplication and a legitimate XMPP server through the attacker's server,\r\nmerely by providing a valid certificate for a domain under the\r\nattacker's control.\r\n\r\nIn Smack versions 2.2.0 to 3.4.1, a custom `ServerTrustManager`\r\nimplementation was used, which was supplied with the connection's server\r\nname, and performed hostname verification. 
However, it failed to verify\r\nthe basicConstraints and nameConstraints of the certificate chain\r\n(CVE-2014-0363, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0363)\r\nand has been removed in Smack 4.0.0.\r\n\r\nApplications using Smack 2.2.0 to 3.4.1 with a custom `TrustManager` did\r\nnot benefit from `ServerTrustManager` and are vulnerable as well, unless\r\ntheir own `TrustManager` implementation explicitly performs hostname\r\nverification.\r\n\r\nMitigation\r\n----------\r\n\r\nUsers of the Smack library are advised to upgrade to Smack 4.0.2, and\r\nthen use `connectionConfiguration.setHostnameVerifier()` with a\r\nreasonable `HostnameVerifier` implementation. A proper hostname verifier\r\n**MUST** be configured to close the vulnerability.\r\n\r\nFor Smack 3.x users, a backported commit has been created:\r\n\r\nhttps://github.com/ge0rg/smack/commit/8d483b25bda7ae86a3f3e83217c2add6d710798a\r\n\r\nHere, a `HostnameVerifier` implementation needs to be\r\nsupplied via `connectionConfiguration.setHostnameVerifier()` as well.\r\n\r\nWhen using the official JRE, the internal class\r\n`sun.security.util.HostnameChecker` can be wrapped as described\r\nhere:\r\n\r\nhttp://kevinlocke.name/bits/2012/10/03/ssl-certificate-verification-in-dispatch-and-asynchttpclient/\r\n\r\nIf Apache's HttpClient library is available, its `StrictHostnameVerifier` can\r\nbe used.\r\n\r\nOn Android, MemorizingTrustManager provides both certificate checking and\r\nhostname verification with interactive fallback, allowing the user to decide\r\nabout the trustworthiness of a server:\r\n\r\nhttps://github.com/ge0rg/MemorizingTrustManager/\r\n\r\nAffected Applications\r\n---------------------\r\n\r\nSmack is a library used by different applications. 
Therefore, the\r\nauthors of the following Smack-based applications have been contacted to\r\ncoordinate updated releases:\r\n\r\n- ChatSecure (fixed in 13.2.0-beta1)\r\n- GTalkSMS (contacted on 2014-07-28)\r\n- MAXS (fixed in 0.0.1.18)\r\n- yaxim and Bruno (fixed in 0.8.8)\r\n- *undisclosed Android application* (contacted on 2014-07-21)\r\n\r\nThe following Smack-based applications were not affected:\r\n\r\n- TransVerse (special interest client)\r\n- Xabber (using a custom `TrustManager` performing hostname verification)\r\n\r\nTimeline\r\n--------\r\n\r\n- 2014-07-20 Discovery of Smack vulnerability, notification of Smack\r\n maintainer\r\n- 2014-07-21 Notification of vulnerable apps' authors\r\n- 2014-07-27 Release of Smack 4.0.2\r\n- 2014-08-01 Release of MAXS 0.0.1.18\r\n- 2014-08-04 Release of yaxim 0.8.8\r\n- 2014-08-05 Release of ChatSecure 13.2.0 beta 1\r\n- 2014-08-05 Publication of this advisory\r\n\r\nLinks\r\n-----\r\n\r\nOnline version of advisory:\r\nhttp://op-co.de/CVE-2014-5075.html\r\n\r\nPDF version:\r\nhttp://op-co.de/CVE-2014-5075.pdf\r\n\r\n-- Dr. Georg Lukas rt-solutions.de GmbH Oberlander Ufer 190a D-50968 Koln Tel. : (+49)221 93724 0 Fax : (+49)221 93724 50 Mobil: (+49)179 4176591 Web : www.rt-solutions.de\r\n\r\n", "edition": 1, "modified": "2014-08-11T00:00:00", "published": "2014-08-11T00:00:00", "id": "SECURITYVULNS:DOC:31001", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31001", "title": "CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}