[ejabberd] Possible security issue with ejabberd 2.1.2 (format string attack) ?

Badlop badlop at gmail.com
Thu May 27 15:29:34 MSD 2010


> 2010/5/27 SegFault <segfaultmaker at gmail.com>:
>> I'm not an expert, but I was running a test with OpenVAS (Nessus equivalent in
>> open source) to test my server and here is what it said under jabber-server
>> (5269/tcp) :
>> ---
>> Reported by NVT "Generic format string" (1.3.6.1.4.1.25623.1.0.11133):


Oh, I forgot an important sentence in my email:

2010/5/27 Badlop <badlop at gmail.com>:
> Regarding ejabberd, I installed and tested:
> ejabberd 2.1.x, 2.1.3, 2.1.2, 2.1.1, 2.1.0
>
> During the tests, ejabberd got connections to the listened ports.

+ "and finally OpenVAS didn't provide any warnings under the 5222,
5269, ... ports, with any ejabberd version."

> I had all OpenVAS components enabled, 12157 in total.
>
> So, I couldn't reproduce what you say.


---
Badlop
ProcessOne

