Citadel Jabber server / Jabberd / ejabberd DoS - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Citadel Jabber server / Jabberd / ejabberd DoS
Published: 02.06.2011
Source: BUGTRAQ
SecurityVulns ID: 11705
Type: remote
Level: 5/10
Description: DoS on XML data parsing.

Affected: EJABBERD : ejabberd 2.1
CITADEL : citadel 7.83
JABBERD : jabberd 1.6
CVE: CVE-2011-1756 (modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)
CVE-2011-1754 (jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)
CVE-2011-1753 (expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)

Original document DEBIAN, [SECURITY] [DSA 2248-1] ejabberd security update (02.06.2011)

DEBIAN, [SECURITY] [DSA 2249-1] jabberd14 security update (02.06.2011)

DEBIAN, [SECURITY] [DSA 2250-1] citadel security update (02.06.2011)

Discuss: Read or add your comments to this news (0 comments)