CVE-2010-0305

Description

ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.

Affected products

• process-one / ejabberd2.1.2
• process-one / ejabberd0.9 – 0.9
• process-one / ejabberd0.9.1 – 0.9.1
• process-one / ejabberd0.9.8 – 0.9.8
• process-one / ejabberd1.0.0 – 1.0.0
• process-one / ejabberd1.1.0 – 1.1.0
• process-one / ejabberd1.1.1 – 1.1.1
• process-one / ejabberd1.1.1.0 – 1.1.1.0
• process-one / ejabberd1.1.1.1 – 1.1.1.1
• process-one / ejabberd1.1.2 – 1.1.2
• process-one / ejabberd1.1.3 – 1.1.3
• process-one / ejabberd1.1.14 – 1.1.14
• process-one / ejabberd2.0.0 – 2.0.0
• process-one / ejabberd2.0.0 – 2.0.0
• process-one / ejabberd2.0.0 – 2.0.0
• process-one / ejabberd2.0.1_2 – 2.0.1_2
• process-one / ejabberd2.0.2 – 2.0.2
• process-one / ejabberd2.0.3 – 2.0.3
• process-one / ejabberd2.0.4 – 2.0.4
• process-one / ejabberd2.0.5 – 2.0.5
• process-one / ejabberd2.1.0 – 2.1.0
• process-one / ejabberd2.1.1 – 2.1.1

References

• MAILING_LISThttp://www.openwall.com/lists/oss-security/2010/01/29/1
• VENDOR_ADVISORYhttp://secunia.com/advisories/38337
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2010/01/29/5
• MISChttp://www.osvdb.org/62066
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0894
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/56025
• VENDOR_ADVISORYhttp://www.debian.org/security/2010/dsa-2033
• MISChttps://support.process-one.net/browse/EJAB-1173
• MISChttp://www.securityfocus.com/bid/38003
• VENDOR_ADVISORYhttp://secunia.com/advisories/39423