MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.
Software | From | Fixed in |
---|---|---|
debian / debian_linux | 8.0 | 8.0.x |
canonical / ubuntu_linux | 16.04 | 16.04.x |
mcabber / mcabber | 1.0.0 | 1.0.4 |