[MBT] new ticket for pkg jabber "Denial of service attack"

bugs at pld-linux.org bugs at pld-linux.org
Fri Sep 24 14:08:04 CEST 2004


Date: 2004-09-24 14:07:54+02	Author: Michał Margula (AlchemyX) <alchemyx at pld-linux.org> 
Title:         Denial of service attack
Ticket ID:     #955
Ticket URL:    http://bugs.pld-linux.org/?bug=955
Package:       jabber-2:1.4.2-3
Distribution:  PLD-1.1.main
Category:      security problem
Current state: opened
Text:

http://mail.jabber.org/pipermail/jadmin/2004-September/018046.html



jabberd up to and including version 1.4.3 and jadc2s up to and including
version 0.9.0 are vulnerable to a DoS attack reported by Jose
Antonio Calvo yesterday on the jabberd mailing list.
(http://jabberstudio.org/pipermail/jabberd/2004-September/002004.html)



An attacker can crash a running jabberd14 server, if it has access to
one of the following types of network sockets:
- Socket accepting client connections
- Socket accepting connections from other servers
- Socket connecting to another Jabber server
- Socket accepting connections from server components
- Socket connecting to server components
(All connections on which XML is parsed by jabberd14.)



An attacker can crash a running jadc2s component, if it has access to one
of the following types of network sockets:
- Socket accepting client connections
- Socket connecting to the main Jabber server
(All connections on which XML is parsed by jadc2s.)



The attack can be tested by sending the byte sequence 0xEF, 0xBB, 0xBF
to any of the above sockets.



The bug has been fixed in the CVS versions of both projects already some
time ago as the affected code already had been removed from both
projects. Therefore you are not affected if you are running CVS
snapshots that are newer than 2004-05-22 (jabberd14) or 2004-09-07
(jadc2s).



A patch for jabberd 1.4.3 is available at the URI
http://devel.amessage.info/jabberd14/, a patch for jadc2s has not yet
been published but will be available on
http://devel.amessage.info/jadc2s/ shortly.



Related software:
- jabberd2 version 2.0s3 is not affected by this bug.
- Other projects that incorporate jabberd14 code might be affected by
  this bug as well. This might include the Jabber module of CenterICQ
  (only vulnerable by a Jabber server CenterICQ connects to), but I have
  not tested this yet.
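
Added example, not part of the ticket or of the jabberd/jadc2s code: a streaming scanner that a logging proxy or capture tool in front of an unpatched server could use to flag the byte sequence 0xEF, 0xBB, 0xBF on a connection, including when the three bytes arrive in separate reads. The names seq_scan, seq_scan_feed and scan_two are hypothetical, and matching anywhere in the stream is an assumption, since the advisory does not say where the bytes must occur.

```c
#include <stddef.h>
#include <stdio.h>

/* The three bytes named in the advisory (UTF-8 encoding of U+FEFF). */
static const unsigned char SEQ[3] = { 0xEF, 0xBB, 0xBF };

/* Per-connection scanner state (hypothetical name), kept across reads. */
struct seq_scan {
    unsigned matched;  /* bytes of SEQ matched so far: 0, 1 or 2 */
    size_t   offset;   /* total bytes of the stream seen so far  */
};

/* Feed one buffer as returned by read()/recv(). Returns the stream offset
 * of the first byte of the sequence, or -1 if it has not been seen yet.
 * Scanning stops at the first hit; the caller is expected to log it. */
long seq_scan_feed(struct seq_scan *s, const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        s->offset++;
        if (buf[i] == SEQ[s->matched]) {
            if (++s->matched == 3) {
                s->matched = 0;
                return (long)(s->offset - 3);
            }
        } else {
            /* Mismatch: a 0xEF here may still start a new match. */
            s->matched = (buf[i] == SEQ[0]) ? 1u : 0u;
        }
    }
    return -1;
}

/* Scan a stream that arrived as two separate reads on one connection. */
long scan_two(const unsigned char *a, size_t na,
              const unsigned char *b, size_t nb)
{
    struct seq_scan s = { 0, 0 };
    long hit = seq_scan_feed(&s, a, na);
    return hit >= 0 ? hit : seq_scan_feed(&s, b, nb);
}

int main(void)
{
    /* Constructed sample: the sequence straddles the read boundary. */
    const unsigned char r1[] = { '<', 's', 't', 'r', 0xEF, 0xBB };
    const unsigned char r2[] = { 0xBF, 'e', 'a', 'm' };
    printf("first hit at offset %ld\n", scan_two(r1, sizeof r1, r2, sizeof r2));
    return 0;
}
```

A hit is a reason to check which jabberd or jadc2s build was on the receiving end, not proof of an attack, because U+FEFF can also appear in ordinary UTF-8 text.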




