CVE-2016-10376 - Cryptographic Issues vulnerability in Gajim
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201707-14.NASL
description: The remote host is affected by the vulnerability described in GLSA-201707-14 (Gajim: Information disclosure). Gajim unconditionally implements the “XEP-0146: Remote Controlling Clients” extension. Impact: Remote attackers, by enticing a user to connect to a malicious XMPP server, could extract plaintext from Off The Record (OTR) encrypted sessions. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 101345
published: 2017-07-10
reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/101345
title: GLSA-201707-14 : Gajim: Information disclosure

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2017-665.NASL
description: This update for gajim fixes the following issues:
- CVE-2016-10376: XEP-0146 extension can be abused by malicious XMPP servers (boo#1041163).
- Update to version 0.16.7:
- Better compatibility with XEP-0191: Blocking Command.
- Gajim now depends on python-gnupg for PGP encryption.
- Remove usage of demandimport.
- Many minor bugfixes.
- Move python-farstream-0_1 to Suggests.
- Correct the licence to GPL-3.0.
last seen: 2020-06-05
modified: 2017-06-09
plugin id: 100710
published: 2017-06-09
reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/100710
title: openSUSE Security Update : gajim (openSUSE-2017-665)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-3C561780C8.NASL
description: Gajim 0.16.8
- Fix rejoining MUCs after connection loss
- Fix Groupchat invites
- Fix encoding problems with newer GnuPG versions
- Fix old messages randomly reappearing in the chat window
- Fix some problems with IBB filetransfer
- Make XEP-0146 Commands opt-in
- Improve sending messages to your own resources
- Improve reliability of delivery recipes
- Many minor bugfixes
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-06-16
plugin id: 100821
published: 2017-06-16
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/100821
title: Fedora 25 : gajim (2017-3c561780c8)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3943.NASL
description: Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 102483
published: 2017-08-15
reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102483
title: Debian DSA-3943-1 : gajim - security update

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-62547837BA.NASL
description: Gajim 0.16.8
- Fix rejoining MUCs after connection loss
- Fix Groupchat invites
- Fix encoding problems with newer GnuPG versions
- Fix old messages randomly reappearing in the chat window
- Fix some problems with IBB filetransfer
- Make XEP-0146 Commands opt-in
- Improve sending messages to your own resources
- Improve reliability of delivery recipes
- Many minor bugfixes
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-06-16
plugin id: 100822
published: 2017-06-16
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/100822
title: Fedora 24 : gajim (2017-62547837ba)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-E6DEEC5BD0.NASL
description: Gajim 0.16.8
- Fix rejoining MUCs after connection loss
- Fix Groupchat invites
- Fix encoding problems with newer GnuPG versions
- Fix old messages randomly reappearing in the chat window
- Fix some problems with IBB filetransfer
- Make XEP-0146 Commands opt-in
- Improve sending messages to your own resources
- Improve reliability of delivery recipes
- Many minor bugfixes
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-07-17
plugin id: 101739
published: 2017-07-17
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/101739
title: Fedora 26 : gajim (2017-e6deec5bd0)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-967.NASL
description: Gajim implements XEP-0146, an XMPP extension to run commands remotely from another client. However it was found that malicious servers can trigger commands, which could lead to leaking private conversations from encrypted sessions. To solve this, XEP-0146 support has been disabled by default. For Debian 7
last seen: 2020-03-17
modified: 2017-05-31
plugin id: 100516
published: 2017-05-31
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/100516
title: Debian DLA-967-1 : gajim security update
References
- https://mail.jabber.org/pipermail/standards/2016-August/031335.html
- https://dev.gajim.org/gajim/gajim/issues/8378
- https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
- https://bugs.debian.org/863445
- https://security.gentoo.org/glsa/201707-14
- http://www.debian.org/security/2017/dsa-3943