VDB
CVE-2016-9928
CVE-2016-9928
PUBLISHED
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.
EPSS 2.71% · 86.2th percentile
Risk Scores
EPSS Score
2.71%
86.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | mcabber | 0, 0.10.2-1, 0.10.2-1build1 |
Exploit Intelligence
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258 (nist-nvd)
- https://bugzilla.redhat.com/show_bug.cgi?id=1403790 (nist-nvd)
- https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw (circl)
- https://gultsch.de/gajim_roster_push_and_message_interception.html (circl)
- http://www.openwall.com/lists/oss-security/2017/02/09/29 (circl)
- http://www.openwall.com/lists/oss-security/2016/12/11/2 (circl)
- http://www.securityfocus.com/bid/94862 (circl)
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00130.html (circl)
- [debian-lts-announce] 20200628 [SECURITY] [DLA 2260-1] mcabber security update (circl)
- USN-4506-1 (circl)
…and 2 more exploits
Timeline
- Feb 10, 2017 PoC Published
- Feb 6, 2020 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-9928 third-party-advisory
- https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/12/09/5 third-party-advisory
- https://ubuntu.com/security/notices/USN-4506-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-9928 third-party-advisory