Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Arch Linux: ASA-201612-21 High Severity Openfire Threats

Calendar Dec 27, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Archlinux Large Esm H500
Topics%20covered

Topics Covered

security advisory high severity privilege escalation cross-site scripting cross-site request forgery openfire
The package openfire before version 4.1.0-1 is vulnerable to multiple issues including privilege escalation, cross-site request forgery and cross-site scripting. 
Arch Linux Security Advisory ASA-201612-21
=========================================
Severity: High
Date    : 2016-12-23
CVE-ID  : CVE-2015-6972 CVE-2015-6973 CVE-2015-7707
Package : openfire
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-15

Summary
======
The package openfire before version 4.1.0-1 is vulnerable to multiple
issues including privilege escalation, cross-site request forgery and
cross-site scripting.

Resolution
=========
Upgrade to 4.1.0-1.

# pacman -Syu "openfire>=4.1.0-1"

The problems have been fixed upstream in version 4.1.0.

Workaround
=========
None.

Description
==========
- CVE-2015-6972 (cross-site scripting)

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime
Openfire 3.10.2 allow remote attackers to inject arbitrary web script
or HTML via the (1) groupchatName parameter to
plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to
plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter
to server-session-details.jsp; or the (4) search parameter to group-
summary.jsp.

- CVE-2015-6973 (cross-site request forgery)

Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite
Realtime Openfire 3.10.2 allow remote attackers to hijack the
authentication of administrators for requests that (1) change a
password via a crafted request to user-password.jsp, (2) add users via
a crafted request to user-create.jsp, (3) edit server settings or (4)
disable SSL on the server via a crafted request to server-props.jsp, or
(5) add clients via a crafted request to
plugins/clientcontrol/permitted-clients.jsp.

- CVE-2015-7707 (privilege escalation)

Ignite Realtime Openfire 3.10.2 allows remote authenticated users to
gain administrator access via the isadmin parameter to user-edit-
form.jsp.

Impact
=====
A remote attacker is able to escalate privileges, perform cross-site
request forgery and cross-site scripting.

References
=========
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt
https://igniterealtime.atlassian.net/browse/OF-942
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt
https://igniterealtime.atlassian.net/browse/OF-941
https://security.archlinux.org/CVE-2015-6972
https://security.archlinux.org/CVE-2015-6973
https://security.archlinux.org/CVE-2015-7707

Related News

Your message here