FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ejabberd -- queue overload denial of service vulnerability

Affected packages
ejabberd < 2.1.3

Details

VuXML ID a04a3c13-4932-11df-83fb-0015587e2cc1
Discovery 2010-01-29
Entry 2010-04-19

The Red Hat security response team reports:

A remotely exploitable DoS from XMPP client to ejabberd server via too many "client2server" messages (causing the message queue on the server to get overloaded, leading to server crash) has been found.

[source]

References

Bugtraq ID 38003
CVE Name CVE-2010-0305
URL http://secunia.com/advisories/38337
URL http://support.process-one.net/browse/EJAB-1173
URL http://www.openwall.com/lists/oss-security/2010/01/29/1
URL http://xforce.iss.net/xforce/xfdb/56025

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.