Vulnerabilities > CVE-2013-6169 - Cryptographic Issues vulnerability in Process-One Ejabberd

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
process-one
CWE-310
nessus

Summary

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_EJABBERD_20140731.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute. (CVE-2011-4320) - The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. (CVE-2013-6169)
    last seen2020-06-01
    modified2020-06-02
    plugin id80601
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80601
    titleOracle Solaris Third-Party Patch Update : ejabberd (cve_2013_6169_cryptographic_issues)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(80601);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:25");
    
      script_cve_id("CVE-2011-4320", "CVE-2013-6169");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : ejabberd (cve_2013_6169_cryptographic_issues)");
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates :
    
      - The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8
        and 3.0.0-alpha-3 allows remote authenticated users to
        cause a denial of service (infinite loop) via a stanza
        with a publish tag that lacks a node attribute.
        (CVE-2011-4320)
    
      - The TLS driver in ejabberd before 2.1.12 supports (1)
        SSLv2 and (2) weak SSL ciphers, which makes it easier
        for remote attackers to obtain sensitive information via
        a brute-force attack. (CVE-2013-6169)"
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      # https://blogs.oracle.com/sunsecurity/cve-2013-6169-cryptographic-issues-vulnerability-in-ejabberd
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0b11d7a4"
      );
      # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-ejabberd
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?16c19252"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.2.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:ejabberd");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    
    if (empty_or_null(egrep(string:pkg_list, pattern:"^ejabberd$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "ejabberd");
    
    flag = 0;
    
    if (solaris_check_release(release:"0.5.11-0.175.2.0.0.0.0", sru:"11.2 SRU 0") > 0) flag++;
    
    if (flag)
    {
      error_extra = 'Affected package : ejabberd\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "ejabberd");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-005.NASL
    descriptionA vulnerability has been discovered and corrected in ejabberd : The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack (CVE-2013-6169). The updated packages have been upgraded to the 2.1.13 version which is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id72020
    published2014-01-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72020
    titleMandriva Linux Security Advisory : ejabberd (MDVSA-2014:005)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2014:005. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72020);
      script_version("1.4");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2013-6169");
      script_bugtraq_id(62954);
      script_xref(name:"MDVSA", value:"2014:005");
    
      script_name(english:"Mandriva Linux Security Advisory : ejabberd (MDVSA-2014:005)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability has been discovered and corrected in ejabberd :
    
    The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2)
    weak SSL ciphers, which makes it easier for remote attackers to obtain
    sensitive information via a brute-force attack (CVE-2013-6169).
    
    The updated packages have been upgraded to the 2.1.13 version which is
    not vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected ejabberd, ejabberd-devel and / or ejabberd-doc
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ejabberd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ejabberd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ejabberd-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ejabberd-2.1.13-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ejabberd-devel-2.1.13-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"ejabberd-doc-2.1.13-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2775.NASL
    descriptionIt was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure. The software offers no runtime configuration options to disable these. This update disables the use of SSLv2 and weak ciphers. The updated package for Debian 7 (wheezy) also contains auxiliary bugfixes originally staged for the next stable point release.
    last seen2020-03-17
    modified2013-10-11
    plugin id70375
    published2013-10-11
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70375
    titleDebian DSA-2775-1 : ejabberd - insecure SSL usage
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2775. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70375);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-6169");
      script_xref(name:"DSA", value:"2775");
    
      script_name(english:"Debian DSA-2775-1 : ejabberd - insecure SSL usage");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and
    weak ciphers for communication, which are considered insecure. The
    software offers no runtime configuration options to disable these.
    This update disables the use of SSLv2 and weak ciphers.
    
    The updated package for Debian 7 (wheezy) also contains auxiliary
    bugfixes originally staged for the next stable point release."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/ejabberd"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/ejabberd"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2775"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the ejabberd packages.
    
    For the oldstable distribution (squeeze), this problem has been fixed
    in version 2.1.5-3+squeeze2.
    
    For the stable distribution (wheezy), this problem has been fixed in
    version 2.1.10-4+deb7u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ejabberd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"ejabberd", reference:"2.1.5-3+squeeze2")) flag++;
    if (deb_check(release:"7.0", prefix:"ejabberd", reference:"2.1.10-4+deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");