Bug 101028 - net-im/jabberd: Buffer Overflow Vulnerabilities
Summary: net-im/jabberd: Buffer Overflow Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/16291/
Whiteboard: ~1 [noglsa] DerCorny
Reported: 2005-08-01 14:59 UTC by Jean-François Brunette (RETIRED)
Modified: 2005-08-08 07:27 UTC

Description Jean-François Brunette (RETIRED) gentoo-dev 2005-08-01 14:59:27 UTC
Michael has reported some vulnerabilities in jabberd, which potentially can be
exploited by malicious users to compromise a vulnerable system.

The vulnerabilities are caused due to three boundary errors in jid.c when
parsing JID strings with overly long user, host, or resource components. This
can be exploited to crash the server or potentially execute arbitrary code.
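
An added example, not part of the original report and not jabberd's code: a JID splitter that rejects an overly long user, host or resource component before anything is copied into a fixed-size buffer. The 1023-byte cap (the per-part limit in RFC 3920) and all names are assumptions.

```c
#include <string.h>

/* Assumption: 1023-byte cap per component, the limit RFC 3920 sets for each
 * JID part. All names here are hypothetical, not taken from jabberd's jid.c. */
#define JID_PART_MAX 1023

struct jid_parts {
    char user[JID_PART_MAX + 1];
    char host[JID_PART_MAX + 1];
    char resource[JID_PART_MAX + 1];
};

/* Copy len bytes into a fixed buffer only if they fit; always NUL-terminate. */
static int copy_part(char *dst, const char *src, size_t len)
{
    if (len > JID_PART_MAX)
        return -1;              /* reject rather than truncate or overflow */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Split "user@host/resource"; 0 on success, -1 on an empty or overlong part. */
int jid_split(const char *in, struct jid_parts *out)
{
    if (in == NULL || out == NULL)
        return -1;
    memset(out, 0, sizeof(*out));
    size_t n = strlen(in);
    const char *end = in + n;
    const char *slash = memchr(in, '/', n);   /* first '/' starts the resource */
    const char *host_end = slash ? slash : end;
    const char *at = memchr(in, '@', (size_t)(host_end - in));
    const char *host = at ? at + 1 : in;
    if (at && (at == in || copy_part(out->user, in, (size_t)(at - in)) != 0))
        return -1;
    if (host == host_end || copy_part(out->host, host, (size_t)(host_end - host)) != 0)
        return -1;
    if (slash && (slash + 1 == end ||
                  copy_part(out->resource, slash + 1, (size_t)(end - slash - 1)) != 0))
        return -1;
    return 0;
}

int main(void)
{
    struct jid_parts p;         /* constructed sample input */
    return jid_split("alice@example.org/home", &p);
}
```

On a -1 return the contents of the output structure should not be used, since an earlier component may already have been copied.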
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-01 15:11:19 UTC
net-im, pls provide an updated ebuild. You could use the safe version jabberd2
s9 or fix using this patch:
http://j2.openaether.org/bugzilla/attachment.cgi?id=86 - thanks!
Comment 2 Wolfram Schlich (RETIRED) gentoo-dev 2005-08-07 13:27:03 UTC
done, 2.0.9 committed, 2.0.8-r2 removed.
Comment 3 Jean-François Brunette (RETIRED) gentoo-dev 2005-08-08 07:07:43 UTC
reopening, the process isn't finished
Comment 4 Jean-François Brunette (RETIRED) gentoo-dev 2005-08-08 07:13:26 UTC
arches please mark stable
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-08-08 07:27:03 UTC
Only the masked version was affected. No need to mark stable...