Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Fri, 11 Apr 2008 01:44:52 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: openfire <3.5.0 Denial of Service

Please assign a CVE identifier:

Openfire (formerly wildfire) before 3.5.0 is prone to a Denial of 
Service vulnerability. It cannot handle clients that fail to read 
messages, and has no limit on their session's send buffer.

Secunia:
  http://secunia.com/advisories/29751/
Upstream bug:
  http://www.igniterealtime.org/issues/browse/JM-1289
Commit:
  http://www.igniterealtime.org/fisheye/changelog/svn-org?cs=10031


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux