[ejabberd] Possible security issue with ejabberd 2.1.2 (format string attack) ?
segfaultmaker at gmail.com
Thu May 27 21:58:31 MSD 2010
Thanks for your answer.
I enabled all openvas component, but they are updated using command "openvas-
nvt-sync", I have about 17200 component. Don't know if difference can come from
Le jeudi 27 mai 2010 13:29:34, Badlop a écrit :
> > 2010/5/27 SegFault <segfaultmaker at gmail.com>:
> >> I'm not an expert, but I was running test with OpenVAS (nessus
> >> equivalent in opensource) to test my server and here what he said under
> >> jabber-server (5269/tcp) :
> >> ---
> >> Reported by NVT "Generic format string" (188.8.131.52.4.1.256184.108.40.20633):
> Oh, I forgot an important sentence in my email:
> 2010/5/27 Badlop <badlop at gmail.com>:
> > Regarding ejabberd, I installed and tested:
> > ejabberd 2.1.x, 2.1.3, 2.1.2, 2.1.1, 2.1.0
> > During the tests, ejabberd got connections to the listened ports.
> + "and finally OpenVAS didn't provide any warnings under the 5222,
> 5269, ... ports, with any ejabberd version."
> > I had all OpenVAS components enabled, 12157 in total.
> > So, I coundn't reproduce what you say.
> ejabberd mailing list
> ejabberd at jabber.ru
More information about the ejabberd