jabberd SSL DoS

2004-01-07T04:19:29
ID OSVDB:3345
Type osvdb
Reporter OSVDB
Modified 2004-01-07T04:19:29

Description

Vulnerability Description

Jabber contains a flaw that may allow a remote denial of service. The issue is caused by an undisclosed flaw in pthsock_client when using SSL, and will result in loss of availability for the service.

Solution Description

Upgrade to version 1.4.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Jabber contains a flaw that may allow a remote denial of service. The issue is caused by an undisclosed flaw in pthsock_client when using SSL, and will result in loss of availability for the service.

References:

Vendor Specific Solution URL: http://jabberd.jabberstudio.org/1.4/release-1.4.3.shtml Secunia Advisory ID:10559 Other Advisory URL: http://www.debian.org/security/2004/dsa-414 ISS X-Force ID: 14158 CVE-2004-0013