OSVDB ID: 10257

Title: Multiple Jabber Client Malformed Byte Sequence DoS

Dates

Disclosure: Sep 19, 2004
Discovery: Unknown
Exploit: Sep 19, 2004
Solution: Unknown

Description

jabberd and jadc2s contain a flaw that may allow a remote denial of service. The issue is triggered by the parsing of XML messages. By sending the malformed byte sequence 0xEF, 0xBB, 0xBF to certain sockets, a remote attacker could cause the application to crash, resulting in a loss of availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Products

Rob Norris

  • jabberd 1.4.3
  • jadc2s 0.9.0

References

Credit

  • José Antonio Calvo - joshescomposlinux.org

Direct URL: http://osvdb.org/36218