included patch for 'Vulnerability in XMPP Server Dialback Implementations'

http://xmpp.org/resources/security-notices/server-dialback/

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Mac OS X 10.8 host has a version of OS X Server installed that is prior to 2.1.1. It is, therefore, affected by the following vulnerabilities :

  - When the xml2 contrib module is enabled in PostgreSQL,     an unprivileged database user can read or write     arbitrary files, subject to the privileges under which     the PostgreSQL server runs, when processing specially-     crafted XSLT documents. (CVE-2012-3488)

  - An unprivileged database user can read arbitrary files,     subject to the privileges under which the PostgreSQL     server runs, because 'xml_parse()' attempts to fetch     external files or URLs as needed to resolve DTD and     entity references in an XML value. (CVE-2012-3489)

  - A malicious XMPP server can spoof domains via a Verify     Response or an Authorization Response because the Jabber     server processes unsolicited XMPP Server Dialback     responses. (CVE-2012-3525)

XMPP Standards Foundation reports :

Some implementations of the XMPP Server Dialback protocol (RFC 3920/XEP-0220) have not been checking dialback responses to ensure that validated results are correlated with requests.

An attacking server could spoof one or more domains in communicating with a vulnerable server implementation, thereby avoiding the protections built into the Server Dialback protocol.

included patch for 'Vulnerability in XMPP Server Dialback Implementations'

http://xmpp.org/resources/security-notices/server-dialback/

fix for systemd scripts

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-001 applied.  This update contains numerous security-related fixes for the following components :

  - Apache
  - CoreTypes (10.7 only)
  - International Components for Unicode
  - Identity Services (10.7 only)
  - ImageIO
  - Messages Server (Server only)
  - PDFKit
  - Podcast Producer Server (Server only)
  - PostgreSQL (Server only)
  - Profile Manager (10.7 Server only)
  - QuickTime
  - Ruby (10.6 Server only)
  - Security
  - Software Update
  - Wiki Server (10.7 Server only)

Note that the update also runs a malware removal tool that will remove the most common variants of malware.

The remote Redhat Enterprise Linux 5 / 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2012:1538 advisory.

    This package provides jabberd 2, an Extensible Messaging and Presence     Protocol (XMPP) server used for XML based communication.

    It was discovered that the XMPP Dialback protocol implementation in     jabberd 2 did not properly validate Verify Response and Authorization     Response messages. A remote attacker able to connect to the jabberd's     server-to-server communication port could possibly use this flaw to spoof     source domains of the XMPP messages. (CVE-2012-3525)

    Users of Red Hat Network Satellite 5.5 are advised to upgrade to this     updated jabberd package, which resolves this issue. For this update to take     effect, Red Hat Network Satellite must be restarted. Refer to the Solution     section for details.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An updated jabberd package that fixes one security issue is now available for Red Hat Network Proxy 5.5 for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

This package provides jabberd 2, an Extensible Messaging and Presence Protocol (XMPP) server used for XML based communication.

It was discovered that the XMPP Dialback protocol implementation in jabberd 2 did not properly validate Verify Response and Authorization Response messages. A remote attacker able to connect to the jabberd's server-to-server communication port could possibly use this flaw to spoof source domains of the XMPP messages. (CVE-2012-3525)

Users of Red Hat Network Proxy 5.5 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Proxy must be restarted. Refer to the Solution section for details.

The remote host is running a version of Mac OS X 10.8 that is older than version 10.8.3. The newer version contains numerous security-related fixes :

  - A canonicalization issue existed in the handling of URIs with ignorable Unicode character sequences. This issue was addressed by updating mod_hfs_apple to forbid access to URIs with ignorable Unicode character sequences. (CVE-2013-0966)
  - Java Web Start applications would run even if the Java plug-in was disabled. This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory. (CVE-2013-0967)
  - A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table. (CVE-2011-3058)
  - An error handling issue existed in Identity Services. If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string. (CVE-2013-0963)
  - Description: A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images. (CVE-2012-2088)
  - A memory corruption issue existed in the handling of graphics data. This issue was addressed through improved bounds checking.(CVE-2013-0976)
  - An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. (CVE-2012-3749)
  - A logic error existed in VoiceOver's handling of the Login Window, whereby an attacker with access to the keyboard could launch System Preferences and modify the system configuration. This issue was addressed by preventing VoiceOver from launching applications at the Login Window. (CVE-2013-0969)
  - Clicking on a specifically-formatted FaceTime:// URL in Messages could bypass the standard confirmation prompt. This issue was addressed by additional validation of FaceTime:// URLs. (CVE-2013-0970)
  - An issue existed in the Jabber server's handling of dialback result messages. An attacker may cause the Jabber server to disclose information intended for users of federated servers. This issue was addressed through improved handling of dialback result messages. (CVE-2012-3525)
  - Description: A use after free issue existed in the handling of ink annotations in PDF files. This issue was addressed through improved memory management. (CVE-2013-0971)
  - A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Podcast Producer Server. (CVE-2013-0156)
  - A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking. (CVE-2012-3756)

ID	Name	Product	Family	Published	Updated	Severity
61757	Fedora 16 : jabberd-2.2.14-4.fc16 (2012-12481)	Nessus	Fedora Local Security Checks	9/4/2012	1/11/2021	medium
62801	Mac OS X : OS X Server < 2.1.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	11/2/2012	7/14/2018	medium
61639	FreeBSD : jabberd -- domain spoofing in server dialback protocol (4d1d2f6d-ec94-11e1-8bd8-0022156e8794)	Nessus	FreeBSD Local Security Checks	8/23/2012	1/6/2021	medium
62138	Fedora 18 : jabberd-2.2.17-1.fc18 (2012-12418)	Nessus	Fedora Local Security Checks	9/18/2012	1/11/2021	medium
65578	Mac OS X Multiple Vulnerabilities (Security Update 2013-001)	Nessus	MacOS X Local Security Checks	3/15/2013	5/28/2024	high
61758	Fedora 17 : jabberd-2.2.14-4.fc17 (2012-12487)	Nessus	Fedora Local Security Checks	9/4/2012	1/11/2021	medium
64066	RHEL 5 / 6 : Red Hat Network Satellite server jabberd (RHSA-2012:1538)	Nessus	Red Hat Local Security Checks	1/24/2013	6/3/2024	critical
64067	RHEL 5 / 6 : jabberd (RHSA-2012:1539)	Nessus	Red Hat Local Security Checks	1/24/2013	1/14/2021	medium
6717	Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)	Nessus Network Monitor	Web Clients	3/16/2013	3/6/2019	high
801018	Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)	Log Correlation Engine	Operating System Detection	3/16/2013		high

Detections

Analytics

Plugins Search

medium

medium

medium

medium

high

medium

critical

medium

high

high