{"vuid":"VU#489228","idnumber":"489228","name":"Ignite Realtime Smack XMPP API contains multiple vulnerabilities","keywords":["ignite","realtime","xmpp","smack","ssl","mitm","certificate","cwe-358","cwe-345"],"overview":"Ignite Realtime's Smack XMPP API ServerTrustManger trusts unauthorized SSL certificates (CWE-358) and IQ requests do not verify the from attribute allowing anyone to spoof IQ responses. (CWE-345)","clean_desc":"CWE-358: Improperly Implemented Security Check for Standard - CVE-2014-0363\nThe implementation of ServerTrustManger in Smack API version 3.4.1, and possibly earlier versions, does not properly verify the basicConstraints and nameConstraints of a certificate within a certificate chain. CWE-345: Insufficient Verification of Data Authenticity - CVE-2014-0364\nThe implementation of ParseRoster in Smack API version 3.4.1, and possibly earlier versions, does not properly verify the from attribute for roster queries. The CVSS score below is for CVE-2014-0363.","impact":"A remote unauthenticated attacker may be able to perform a man-in-the-middle attack, add roster entries or spoof IQ responses.","resolution":"Apply an Update Smack API version 4.0.0 addresses these vulnerabilities. At the time of publication only a release candidate for version 4.0.0 was available.","workarounds":"","sysaffected":"","thanks":"Thanks to Ryan Sleevi for identifying the vulnerability in ServerTrustManager and Thijs Alkemade for identifying the IQ validation vulnerability and Florian Schmaus for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.igniterealtime.org/projects/smack/","http://issues.igniterealtime.org/browse/SMACK-410","http://issues.igniterealtime.org/browse/SMACK-533","http://issues.igniterealtime.org/browse/SMACK-538","https://cwe.mitre.org/data/definitions/358.html","https://cwe.mitre.org/data/definitions/345.html"],"cveids":["CVE-2014-0363","CVE-2014-0364"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-04-18T15:19:54Z","publicdate":"2014-04-29T00:00:00Z","datefirstpublished":"2014-04-29T14:11:47Z","dateupdated":"2014-04-29T14:11:47Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"M","cvss_securityrequirementscr":"H","cvss_securityrequirementsir":"L","cvss_securityrequirementsar":"L","cvss_basescore":"5.7","cvss_basevector":"AV:A/AC:M/Au:N/C:C/I:N/A:N","cvss_temporalscore":"4.5","cvss_environmentalscore":"5.49829442589926","cvss_environmentalvector":"CDP:LM/TD:M/CR:H/IR:L/AR:L","metric":0.0,"vulnote":null}