VYPR

net-im/jabberd2

by File Project

CVEs (2)

  • CVE-2017-18225HigMar 12, 2018
    risk 0.51cvss 7.8epss 0.00

    The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for…

  • CVE-2017-18226MedMar 12, 2018
    risk 0.36cvss 5.5epss 0.00

    The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat…