Test ID:	1.3.6.1.4.1.25623.1.0.63739
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200904-01 (openfire)
Summary:	The remote host is missing updates announced in;advisory GLSA 200904-01.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200904-01. Vulnerability Insight: Multiple vulnerabilities were discovered in Openfire, the worst of which may allow remote execution of arbitrary code. Solution: All Openfire users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-im/openfire-3.6.3' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6508 BugTraq ID: 32189 http://www.securityfocus.com/bid/32189 Bugtraq: 20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...) (Google Search) http://www.securityfocus.com/archive/1/498162/100/0/threaded https://www.exploit-db.com/exploits/7075 http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt http://www.andreas-kurtz.de/archives/63 http://osvdb.org/49663 http://secunia.com/advisories/32478 http://www.vupen.com/english/advisories/2008/3061 XForce ISS Database: openfire-authcheckfilter-security-bypass(46488) https://exchange.xforce.ibmcloud.com/vulnerabilities/46488 Common Vulnerability Exposure (CVE) ID: CVE-2008-6509 http://osvdb.org/51912 XForce ISS Database: openfire-siparklogsummary-sql-injection(46487) https://exchange.xforce.ibmcloud.com/vulnerabilities/46487 Common Vulnerability Exposure (CVE) ID: CVE-2008-6510 XForce ISS Database: openfire-url-xss(46486) https://exchange.xforce.ibmcloud.com/vulnerabilities/46486 Common Vulnerability Exposure (CVE) ID: CVE-2008-6511 Common Vulnerability Exposure (CVE) ID: CVE-2009-0496 BugTraq ID: 32935 http://www.securityfocus.com/bid/32935 BugTraq ID: 32937 http://www.securityfocus.com/bid/32937 BugTraq ID: 32938 http://www.securityfocus.com/bid/32938 BugTraq ID: 32939 http://www.securityfocus.com/bid/32939 BugTraq ID: 32940 http://www.securityfocus.com/bid/32940 BugTraq ID: 32943 http://www.securityfocus.com/bid/32943 BugTraq ID: 32944 http://www.securityfocus.com/bid/32944 Bugtraq: 20090108 CORE-2008-1128: Openfire multiple vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/499880/100/0/threaded http://www.coresecurity.com/content/openfire-multiple-vulnerabilities http://secunia.com/advisories/33452 XForce ISS Database: openfire-mucroomeditform-xss(47845) https://exchange.xforce.ibmcloud.com/vulnerabilities/47845 XForce ISS Database: openfire-multiple-scripts-xss(47834) https://exchange.xforce.ibmcloud.com/vulnerabilities/47834 XForce ISS Database: openfire-serverproperties-xss(47835) https://exchange.xforce.ibmcloud.com/vulnerabilities/47835 Common Vulnerability Exposure (CVE) ID: CVE-2009-0497 BugTraq ID: 32945 http://www.securityfocus.com/bid/32945 http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp https://bugs.gentoo.org/show_bug.cgi?id=257585 XForce ISS Database: openfire-log-directory-traversal(47806) https://exchange.xforce.ibmcloud.com/vulnerabilities/47806
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.