It was discovered that the AMQP type decoder was exposed pre-authentication because it was possible to send arbitrary types in the client-properties map in a connection.start-ok message. This is used to send an array with elements which are all of width zero and thus consume no space on the wire, but need storage after decoding by the server. On some systems, a suitably chosen SIZE value triggers the OOM killer and terminates the server process permanently. Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This is corrected upstream: https://svn.apache.org/viewvc?view=revision&revision=1453031 External References: https://issues.apache.org/jira/browse/QPID-4629
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2013:0562 https://rhn.redhat.com/errata/RHSA-2013-0562.html
This issue has been addressed in following products: MRG for RHEL-5 v. 2 Via RHSA-2013:0561 https://rhn.redhat.com/errata/RHSA-2013-0561.html
Created qpid-cpp tracking bugs for this issue Affects: fedora-all [bug 918804]