Lucene search

Gentoo FoundationGLSA-200409-31

HistorySep 23, 2004 - 12:00 a.m.

jabberd 1.x: Denial of Service vulnerability

2004-09-2300:00:00

Gentoo Foundation

security.gentoo.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.073 Low

EPSS

Percentile

94.1%

JSON

Background

Jabber is a set of streaming XML protocols enabling message, presence, and other structured information exchange between two hosts. jabberd is the original implementation of the Jabber protocol server.

Description

Jose Antonio Calvo found a defect in routines handling XML parsing of incoming data. jabberd 1.x may crash upon reception of invalid data on any socket connection on which XML is parsed.

Impact

A remote attacker may send a specific sequence of bytes to an open socket to crash the jabberd server, resulting in a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All jabberd users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv "&gt;=net-im/jabberd-1.4.3-r4"
 # emerge "&gt;=net-im/jabberd-1.4.3-r4"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-im/jabberd<= 1.4.3-r3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-im/jabberd	<= 1.4.3-r3	UNKNOWN

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.073 Low

EPSS

Percentile

94.1%

JSON

Related for GLSA-200409-31