Bug 559890 - ejabberd: Remote DoS via flood of client2server messages
Summary: ejabberd: Remote DoS via flood of client2server messages
Keywords:
Status: CLOSED DUPLICATE of bug 559921
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: https://support.process-one.net/brows...
Whiteboard:
: 559891 559893 559900 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-01-29 09:56 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:34 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-03-22 19:12:21 UTC
Embargoed:

Attachments (Terms of Use)

Description Jan Lieskovsky 2010-01-29 09:56:59 UTC 
Remotely exploitable DoS from XMPP client to ejabberd server
via flood of "client2server" messages (causing the message queue on
the server to get overloaded, leading to server crash) has been found.

Track of the incident:
  https://support.process-one.net/browse/EJAB-1173

Upstream patches against v2.1:
  https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/configure?r1=2688&r2=2936&u&N
  https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/ejabberd_c2s.erl?r1=2911&r2=2936&u&N

CVE Request:
  http://www.openwall.com/lists/oss-security/2010/01/29/1
Comment 1 Josh Bressers 2010-03-22 19:10:40 UTC 
*** Bug 559900 has been marked as a duplicate of this bug. ***
Comment 2 Josh Bressers 2010-03-22 19:10:49 UTC 
*** Bug 559893 has been marked as a duplicate of this bug. ***
Comment 3 Josh Bressers 2010-03-22 19:10:59 UTC 
*** Bug 559891 has been marked as a duplicate of this bug. ***
Comment 4 Josh Bressers 2010-03-22 19:12:21 UTC 

*** This bug has been marked as a duplicate of bug 559921 ***
Note You need to log in before you can comment on or make changes to this bug.