Bug 101028

Summary: net-im/jabberd: Buffer Overflow Vulnerabilities
Product: Gentoo Security
Reporter: Jean-François Brunette (RETIRED) <formula7>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: net-im
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/16291/
Whiteboard: ~1 [noglsa] DerCorny
Package list:
Runtime testing required: ---

Description Jean-François Brunette (RETIRED) gentoo-dev 2005-08-01 14:59:27 UTC
Michael has reported some vulnerabilities in jabberd, which potentially can be
exploited by malicious users to compromise a vulnerable system.

The vulnerabilities are caused due to three boundary errors in jid.c when
parsing JID strings with overly long user, host, or resource components. This
can be exploited to crash the server or potentially execute arbitrary code.
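
The description above attributes the flaw to boundary errors when a JID's user, host, or resource component is overly long. As an added example (not jabberd's jid.c and not the upstream patch), here is a bounded JID splitter in C that rejects any component over the 1023-byte per-component limit from RFC 3920 instead of copying it; `struct jid`, `copy_part` and `jid_parse` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

#define JID_PART_MAX 1023   /* RFC 3920: max bytes per JID component */

/* Hypothetical structure for this example; not jabberd's own type. */
struct jid {
    char node[JID_PART_MAX + 1];
    char domain[JID_PART_MAX + 1];
    char resource[JID_PART_MAX + 1];
};

/* Copy len bytes only if they fit the fixed buffer; never truncate silently. */
static int copy_part(char *dst, const char *src, size_t len)
{
    if (len > JID_PART_MAX)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Split "node@domain/resource" into out. Returns 0 on success, -1 on reject. */
int jid_parse(const char *s, struct jid *out)
{
    if (s == NULL || out == NULL)
        return -1;
    memset(out, 0, sizeof *out);
    size_t total = strlen(s);
    /* The resource starts at the first '/', and may itself contain '/' or '@'. */
    const char *slash = memchr(s, '/', total);
    size_t bare_len = slash ? (size_t)(slash - s) : total;
    const char *at = memchr(s, '@', bare_len);
    const char *dom = at ? at + 1 : s;
    size_t node_len = at ? (size_t)(at - s) : 0;
    size_t dom_len = bare_len - (size_t)(dom - s);
    size_t res_len = slash ? total - bare_len - 1 : 0;

    if (dom_len == 0 || (at && node_len == 0))
        return -1;          /* domain is mandatory; "@host" is invalid */
    if (slash && res_len == 0)
        return -1;          /* "host/" carries an empty resource */
    if (copy_part(out->node, s, node_len) ||
        copy_part(out->domain, dom, dom_len) ||
        copy_part(out->resource, slash ? slash + 1 : s, res_len))
        return -1;          /* some component exceeds JID_PART_MAX */
    return 0;
}
```

Every length is computed from the input before any copy, so an oversized component is rejected rather than written past a fixed-size buffer; callers must treat `-1` as a malformed stanza address and discard `out`.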

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-01 15:11:19 UTC
net-im, pls provide an updated ebuild. you could use the safe version jabberd2
s9 or fix using this patch:
http://j2.openaether.org/bugzilla/attachment.cgi?id=86 - thanks!

Comment 2 Wolfram Schlich (RETIRED) gentoo-dev 2005-08-07 13:27:03 UTC
done, 2.0.9 committed, 2.0.8-r2 removed.

Comment 3 Jean-François Brunette (RETIRED) gentoo-dev 2005-08-08 07:07:43 UTC
reopening, the process isn't finished

Comment 4 Jean-François Brunette (RETIRED) gentoo-dev 2005-08-08 07:13:26 UTC
arches please mark stable

Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-08-08 07:27:03 UTC
Only the masked version was affected. No need to mark stable...