MCabber before 1.0.4 is vulnerable to roster push attacks, which allow remote attackers to intercept communications or to add themselves to a third party's roster as another user (thereby gaining the privileges associated with that roster entry), via crafted XMPP packets.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
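The defensive check that closes this class of bug is the one RFC 6121 section 2.1.6 requires of clients: a roster push must be ignored unless its `from` attribute is absent (implicitly the user's own account) or equals the user's own bare JID. The following is an added illustration, not mcabber's code or its actual patch; the JIDs and stanzas are constructed sample data.

```python
# Added example (not mcabber's code): gate XMPP roster pushes on the sender,
# as RFC 6121 section 2.1.6 requires. A roster push is <iq type='set'> carrying
# <query xmlns='jabber:iq:roster'/>; the client must ignore it unless the 'from'
# attribute is absent or exactly equals the user's own bare JID.
# own_bare_jid is assumed to be the already-canonicalised account JID.
import xml.etree.ElementTree as ET

NS_ROSTER = "jabber:iq:roster"


def _local(tag: str) -> str:
    """Strip an XML namespace prefix such as '{jabber:client}' from a tag."""
    return tag.rsplit("}", 1)[-1]


def is_trusted_roster_push(stanza_xml: str, own_bare_jid: str) -> bool:
    """True only if the stanza is a roster push the client may act on."""
    try:
        iq = ET.fromstring(stanza_xml)
    except ET.ParseError:
        return False
    if _local(iq.tag) != "iq" or iq.get("type") != "set":
        return False
    if iq.find(f"{{{NS_ROSTER}}}query") is None:
        return False
    sender = iq.get("from")
    if sender is None:
        return True  # no 'from': sent by the user's own server on their behalf
    return sender == own_bare_jid  # any other sender, including a full JID, is rejected


def apply_roster_push(roster: dict, stanza_xml: str, own_bare_jid: str) -> dict:
    """Return the roster after applying a push; unchanged if the push is untrusted."""
    updated = dict(roster)
    if not is_trusted_roster_push(stanza_xml, own_bare_jid):
        return updated
    iq = ET.fromstring(stanza_xml)
    for item in iq.iter(f"{{{NS_ROSTER}}}item"):
        jid = item.get("jid")
        if item.get("subscription") == "remove":
            updated.pop(jid, None)
        else:
            updated[jid] = item.get("subscription", "none")
    return updated


# Constructed stanzas: a legitimate push (no 'from') and one spoofed by a third party.
LEGIT_PUSH = ('<iq type="set" id="r1"><query xmlns="jabber:iq:roster">'
              '<item jid="bob@example.org" subscription="both"/></query></iq>')
SPOOFED_PUSH = ('<iq type="set" id="r2" from="mallory@evil.example">'
                '<query xmlns="jabber:iq:roster">'
                '<item jid="mallory@evil.example" subscription="both"/></query></iq>')
```

Running `apply_roster_push({}, LEGIT_PUSH, "alice@example.org")` adds Bob, while the same call with `SPOOFED_PUSH` leaves the roster untouched; a client that skips the `from` check would grant Mallory a `both` subscription and the presence and message routing that comes with it.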
| Link | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1403790 | Third Party Advisory, Issue Tracking, Exploit |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258 | Third Party Advisory, Exploit |
| https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw | Third Party Advisory, Patch |
| https://gultsch.de/gajim_roster_push_and_message_interception.html | Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2017/02/09/29 | Third Party Advisory, Mailing List |
| http://www.openwall.com/lists/oss-security/2016/12/11/2 | Third Party Advisory, Mailing List |
| http://www.securityfocus.com/bid/94862 | Third Party Advisory, VDB Entry |
| http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html | Third Party Advisory, Mailing List |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00031.html | Third Party Advisory, Mailing List |
| https://usn.ubuntu.com/4506-1/ | Third Party Advisory, Vendor Advisory |