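Vulnerability Details
Jabber Studio JabberD Remote Denial of Service Vulnerability
Vulnerability Summary
The expat XML parsing code in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages contains a vulnerability. A remote attacker can cause a denial of service (application crash) by sending a malformed packet to a socket that accepts XML connections.
Vulnerability Advisory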
It has been reported that this issue has been resolved in the CVS version of the software, although this has not been confirmed. Gentoo Linux has released an advisory (GLSA 200409-31). Gentoo has advised that all jabberd users should upgrade to the latest version:

# emerge sync
# emerge -pv ">=net-im/jabberd-1.4.3-r4"
# emerge ">=net-im/jabberd-1.4.3-r4"

For more information please see the referenced Gentoo advisory.
References
- Source: XF, Name: jabberd-xml-dos(17466), Link: http://xforce.iss.net/xforce/xfdb/17466
- Source: BID, Name: 11231, Link: http://www.securityfocus.com/bid/11231
- Source: GENTOO, Name: GLSA-200409-31, Link: http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml
- Source: BUGTRAQ, Name: 20040920 Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0, Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109583829122679&w=2
- Source: devel.amessage.info, Link: http://devel.amessage.info/jabberd14/
- Source: www.vuxml.org, Link: http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html
- Source: MLIST, Name: [jabberd] 20040919 Jabberd 1.4 critical bug, Link: http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
- Source: XF, Name: jadc2s-xml-dos(17467), Link: http://xforce.iss.net/xforce/xfdb/17467
- Source: OSVDB, Name: 10257, Link: http://www.osvdb.org/10257
- Source: SECTRACK, Name: 1011384, Link: http://securitytracker.com/id?1011384
- Source: SECTRACK, Name: 1011383, Link: http://securitytracker.com/id?1011383
- Source: SECUNIA, Name: 12636, Link: http://secunia.com/advisories/12636
Affected Entities
- Jabberstudio Jabberd:1.4
- Jabberstudio Jabberd:1.4.1
- Jabberstudio Jabberd:1.4.2
- Jabberstudio Jabberd:1.4.2a
- Jabberstudio Jabberd:1.4.3
Patches
None available