Arch Linux: ASA-201601-3 Medium: Gajim Man-In-The-Middle Attack
Jan 09, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package gajim before version 0.16.5-1 is vulnerable to man-in-the-middle.
Arch Linux Security Advisory ASA-201601-3 ======================================== Severity: Medium Date : 2016-01-09 CVE-ID : CVE-2015-8688 Package : gajim Type : man-in-the-middle Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package gajim before version 0.16.5-1 is vulnerable to man-in-the-middle. Resolution ========= Upgrade to 0.16.5-1. # pacman -Syu "gajim>=0.16.5-1" The problem has been fixed upstream in version 0.16.5. Workaround ========= None. Description ========== It was found that gajim doesn't verify the origin of roster pushes thus allowing third parties to modify the roster. This vulnerability allows to intercept messages resulting in man-in-the-middle. Impact ===== A remote attacker is able to intercept messages due to unverified origin of roster resulting in man-in-the-middle. References ========= https://access.redhat.com/security/cve/CVE-2015-8688 https://gultsch.de/posts/gajim-roster-push_and-message-interception/ https://bugs.archlinux.org/task/47647
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!