Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 29 Jan 2010 14:40:40 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Peter Lemenkov <lemenkov@...il.com>
Subject: Re: CVE Request -- ejabberd

----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote:

> Hi Josh, Steve, vendors,
> 
>    a remotely exploitable DoS from XMPP client to ejabberd server
> via too many "client2server" messages (causing the message queue on
> the server to get overloaded, leading to server crash) has been
> found:
> 
>    https://support.process-one.net/browse/EJAB-1173
> 
> Links to applied patches are in:
> 
>   
> https://support.process-one.net/browse/EJAB-1173;jsessionid=CC9A1D875A20197DD4571444DA8C1EFB?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
> 

Please use CVE-2010-0305

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ