[ejabberd] Possible security issue with ejabberd 2.1.2 (format string attack) ?
badlop at gmail.com
Thu May 27 15:29:34 MSD 2010
> 2010/5/27 SegFault <segfaultmaker at gmail.com>:
>> I'm not an expert, but I was running a test with OpenVAS (Nessus equivalent in
>> open source) to test my server, and here is what it said under jabber-server
>> (5269/tcp) :
>> Reported by NVT "Generic format string" (22.214.171.124.4.1.256126.96.36.19933):
Oh, I forgot an important sentence in my email:
2010/5/27 Badlop <badlop at gmail.com>:
> Regarding ejabberd, I installed and tested:
> ejabberd 2.1.x, 2.1.3, 2.1.2, 2.1.1, 2.1.0
> During the tests, ejabberd got connections to the listened ports.
+ "and finally OpenVAS didn't provide any warnings under the 5222,
5269, ... ports, with any ejabberd version."
> I had all OpenVAS components enabled, 12157 in total.
> So, I couldn't reproduce what you say.