
CVE-2012-5524

Published: 08/02/2014 | Updated: 10/02/2014
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The _ssl_verify_callback function in tls_nb.py in Gajim prior to 0.15.3 does not properly verify SSL certificates, which allows remote malicious users to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.

Vulnerable Product

gajim gajim 0.12.1

gajim gajim 0.12.2

gajim gajim 0.12.3

gajim gajim 0.12.4

gajim gajim 0.15

gajim gajim 0.2

gajim gajim 0.2.1

gajim gajim 0.3

gajim gajim 0.10

gajim gajim 0.10.1

gajim gajim 0.11

gajim gajim 0.11.1

gajim gajim 0.13.1

gajim gajim 0.13.2

gajim gajim 0.13.3

gajim gajim 0.13.4

gajim gajim 0.14

gajim gajim 0.6

gajim gajim 0.6.1

gajim gajim 0.7

gajim gajim 0.7.1

gajim gajim 0.15.1

gajim gajim 0.11.3

gajim gajim 0.12

gajim gajim 0.12.5

gajim gajim 0.14.1

gajim gajim 0.14.3

gajim gajim 0.4.1

gajim gajim 0.5.1

gajim gajim 0.8

gajim gajim 0.8.2

gajim gajim 0.9.1

gajim gajim

gajim gajim 0.1

gajim gajim 0.11.2

gajim gajim 0.11.4

gajim gajim 0.13

gajim gajim 0.14.2

gajim gajim 0.14.4

gajim gajim 0.4

gajim gajim 0.5

gajim gajim 0.8.1

gajim gajim 0.9

Vendor Advisories

Debian Bug report logs - #693282

gajim: CVE-2012-5524

Package: gajim

Maintainer for gajim is Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org>

Source for gajim is src:gajim

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 15 Nov 2012 06:39:02 UTC

Severity: important ...