CVE-2012-3525

Publication date 25 August 2012

Last updated 24 July 2024


Ubuntu priority

Description

s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.

Status

| Package | Ubuntu Release | Status |
|---|---|---|
| jabberd2 | 12.10 quantal | Fixed 2.2.8-2.2ubuntu1 |
| jabberd2 | 12.04 LTS precise | Fixed 2.2.8-2.2ubuntu0.12.04.1 |
| jabberd2 | 11.10 oneiric | Fixed 2.2.8-2ubuntu6.1 |
| jabberd2 | 11.04 natty | Ignored (end of life) |
| jabberd2 | 10.04 LTS lucid | Fixed 2.2.8-2ubuntu4.0.10.04.2 |
| jabberd2 | 8.04 LTS hardy | Fixed 2.0s11-1ubuntu4.2 |

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
jabberd2