Candidate: CVE-2017-10807
PublicDate: 2017-07-04 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10807
 https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
Description:
 JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using
 SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867032
 https://bugs.launchpad.net/ubuntu/+source/jabberd2/+bug/1747893
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_jabberd2:
upstream_jabberd2: released (2.6.1-1)
precise/esm_jabberd2: DNE
trusty_jabberd2: ignored (reached end-of-life)
trusty/esm_jabberd2: DNE (trusty was needed)
vivid/ubuntu-core_jabberd2: DNE
xenial_jabberd2: ignored (end of standard support, was needed)
yakkety_jabberd2: ignored (reached end-of-life)
zesty_jabberd2: released (2.4.0-3+deb9u1build0.17.04.1)
artful_jabberd2: not-affected (2.6.1-1)
bionic_jabberd2: not-affected (2.6.1-1)
cosmic_jabberd2: not-affected (2.6.1-1)
disco_jabberd2: not-affected (2.6.1-1)
eoan_jabberd2: not-affected (2.6.1-1)
focal_jabberd2: not-affected (2.6.1-1)
groovy_jabberd2: not-affected (2.6.1-1)
hirsute_jabberd2: not-affected (2.6.1-1)
impish_jabberd2: not-affected (2.6.1-1)
jammy_jabberd2: not-affected (2.6.1-1)
devel_jabberd2: not-affected (2.6.1-1)