CVE-2016-9928
Publication date 6 February 2020
Last updated 25 August 2025
Ubuntu priority
Description
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| mcabber | 20.04 LTS focal |
Not affected
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 0.10.2-1+deb8u1build0.16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.4 · High
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-4506-1
- MCabber vulnerability
- 16 September 2020