[ejabberd] Possible security issue with ejabberd 2.1.2 (format string attack) ?

SegFault segfaultmaker at gmail.com
Thu May 27 21:58:31 MSD 2010


Hi,

Thanks for your answer.
I enabled all OpenVAS components, but they are updated using the command "openvas-nvt-sync"; I have about 17200 components. I don't know if the difference can come from here.

On Thursday 27 May 2010 13:29:34, Badlop wrote:
> > 2010/5/27 SegFault <segfaultmaker at gmail.com>:
> >> I'm not an expert, but I was running tests with OpenVAS (Nessus
> >> equivalent in open source) to test my server, and here is what it said under
> >> jabber-server (5269/tcp):
> >> ---
> 
> >> Reported by NVT "Generic format string" (1.3.6.1.4.1.25623.1.0.11133):
> Oh, I forgot an important sentence in my email:
> 
> 2010/5/27 Badlop <badlop at gmail.com>:
> > Regarding ejabberd, I installed and tested:
> > ejabberd 2.1.x, 2.1.3, 2.1.2, 2.1.1, 2.1.0
> > 
> > During the tests, ejabberd got connections to the listened ports.
> 
> + "and finally OpenVAS didn't provide any warnings under the 5222,
> 5269, ... ports, with any ejabberd version."
> 
> > I had all OpenVAS components enabled, 12157 in total.
> > 
> > So, I couldn't reproduce what you say.
> 
> ---
> Badlop
> ProcessOne