Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1378

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1378
Last Modified 05 Sep 2008 04:41:11
Published 21 Sep 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1378

Summary

The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.

Vulnerable Systems

Application

  • Jabberstudio Jabberd 1.4

  • Jabberstudio Jabberd 1.4.1

  • Jabberstudio Jabberd 1.4.2

  • Jabberstudio Jabberd 1.4.2a

  • Jabberstudio Jabberd 1.4.3

  • Jabberstudio Jadc2s 0.6

  • Jabberstudio Jadc2s 0.7

  • Jabberstudio Jadc2s 0.8

  • Jabberstudio Jadc2s 0.9


References

XF - jabberd-xml-dos(17466)

BID - 11231

GENTOO - GLSA-200409-31

BUGTRAQ - 20040920 Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0

CONFIRM - http://devel.amessage.info/jabberd14/

CONFIRM - http://www.vuxml.org/freebsd/2e25d38b-54d1-11d9-b612-000c6e8f12ef.html

MLIST - [jabberd] 20040919 Jabberd 1.4 critical bug

XF - jadc2s-xml-dos(17467)

OSVDB - 10257

SECTRACK - 1011384

SECTRACK - 1011383

SECUNIA - 12636


Last Updated: 27 May 2016 10:39:01