Jabber Gadu-Gadu Transport May Let Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1009248
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 28 2004
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 2.0.8
|
Description: Some vulnerabilities were reported in Jabber Gadu-Gadu Transport. A remote user may be able to cause denial of service conditions on the target system.
It is reported that a remote registered user can re-register to cause the system to enter an infinite loop.
The software contains other potential denial of service conditions, the report said.
|
Impact: A remote user can cause denial of service conditions on the target application.
|
Solution: The vendor has released a fixed version (2.0.8), available at:
http://www.jabberstudio.org/projects/jabber-gg-transport/releases/
|
Vendor URL: www.jabberstudio.org/projects/jabber-gg-transport/project/view.php (Links to External Site)
|
Cause: Exception handling error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 27 Feb 2004 00:28:24 -0500
Subject: Jabber Gadu-Gadu Transport 2.0.8
|
- Jabber Gadu-Gadu Transport 2.0.8
by Jacek Konieczny (http://freshmeat.net/users/jajcus/)
Friday, February 20th 2004 14:24
Communications :: Chat
Internet
About: The Jabber Gadu-Gadu transport provides Gadu-Gadu protocol support
(which is a very popular proprietary instant messaging protocol in
Poland).
Changes: This release fixes several major bugs (DoS possibility). It also
includes jabberd 2.0 and 64-bit (AMD-64) compatibility fixes.
License: GNU General Public License (GPL)
URL: http://freshmeat.net/projects/jggtrans/
|
|
