Summaryinfo

A vulnerability categorized as critical has been discovered in psyced 20081120/20090323/20090617/20111122. The affected element is an unknown function of the component XMPP Server Dialback. Executing a manipulation can lead to input validation. The identification of this vulnerability is CVE-2012-4671. There is no exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical was found in psyced 20081120/20090323/20090617/20111122. This vulnerability affects an unknown functionality of the component XMPP Server Dialback. The manipulation with an unknown input leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect confidentiality, and integrity. CVE summarizes:

psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

The weakness was shared 08/25/2012 (Website). The advisory is shared for download at xmpp.org. This vulnerability was named CVE-2012-4671 since 08/25/2012. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.

Upgrading to version 20090323 eliminates this vulnerability.

The entries VDB-6093 and VDB-61802 are related to this item. Once again VulDB remains the best source for vulnerability data.

Productinfo

Name

• psyced

Version

• 20081120
• 20090323
• 20090617
• 20111122

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion