Debian Security Advisory DSA 1774-1 (ejabberd) Network Vulnerability

Summary

The remote host is missing an update to ejabberd announced via advisory DSA 1774-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201774-1

Insight

It was discovered that ejabberd, a distributed, fault-tolerant Jabber/XMPP server, does not sufficiently sanitise MUC logs, allowing remote attackers to perform cross-site scripting (XSS) attacks. For the stable distribution (lenny), this problem has been fixed in version 2.0.1-6+lenny1. The oldstable distribution (etch) is not affected by this issue. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.0.5-1. We recommend that you upgrade your ejabberd packages.

Severity

Classification

CVE CVE-2009-0934
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 094-1 (mailman)
Debian Security Advisory DSA 1144-1 (chmlib)
Debian Security Advisory DSA 1102-1 (pinball)
Debian Security Advisory DSA 1022-1 (storebackup)
Debian Security Advisory DSA 1121-1 (postgrey)

Take action and discover your vulnerabilities