Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200409-31] jabberd 1.x: Denial of Service vulnerability
Vulnerability Scan Summary: jabberd 1.x: Denial of Service vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-31
(jabberd 1.x: Denial of Service vulnerability)
Jose Antonio Calvo found a defect in routines handling XML parsing of
incoming data. jabberd 1.x may crash upon reception of invalid data on any
socket connection on which XML is parsed.
Impact
A remote attacker may send a specific sequence of bytes to an open socket
to crash the jabberd server, resulting in a Denial of Service.
Workaround
There is no known workaround at this time.
References:
http://www.jabber.org/pipermail/jabberd/2004-September/002004.html
http://www.jabber.org/pipermail/jadmin/2004-September/018046.html
Solution:
All jabberd users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=net-im/jabberd-1.4.3-r4"
# emerge ">=net-im/jabberd-1.4.3-r4"
Threat Level: Medium