Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-1756
Last Modified: 26 Oct 2011 12:00:00
Published: 20 Jun 2011 10:52:43
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-1756

Summary

modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vulnerable Systems

Application

  • Citadel 7.11

  • Citadel 7.50

  • Citadel 7.60

  • Citadel 7.80

  • Citadel 7.81

  • Citadel 7.82

  • Citadel 7.84

  • Citadel 7.86


References

CONFIRM - http://security.debian.org/debian-security/pool/updates/main/c/citadel/citadel_7.83-2squeeze2.diff.gz

CONFIRM - http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=95040add546a705cc2d1d8f16293141f9f9845a6

CONFIRM - http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=27c991cc2059f5530d3d4e9689dc976b745f5b0c

BID - 48071

DEBIAN - DSA-2250

SECUNIA - 44788

CONFIRM - http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.83-2squeeze2/changelog

CONFIRM - http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.37-8+lenny1/changelog


Last Updated: 27 May 2016 10:56:26