OpenLink Virtuoso Multiple Denial Of Service Vulnerabilities

Bugtraq ID:	30281
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Jul 17 2008 12:00AM
Updated:	Jul 21 2008 09:18PM
Credit:	The vendor disclosed these issues.
Vulnerable:	OpenLink Software Virtuoso 5.0.6
Not Vulnerable:

OpenLink Virtuoso Multiple Denial Of Service Vulnerabilities

OpenLink Virtuoso is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle certain types of queries.

An attacker may exploit these issues to crash the affected application, denying service to legitimate users.

NOTE: Other issues reported in the change log may have a negative impact on security.

Virtuoso 5.0.6 is vulnerable; other versions may also be affected.

OpenLink Virtuoso Multiple Denial Of Service Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

OpenLink Virtuoso Multiple Denial Of Service Vulnerabilities

Solution:
The vendor has released OpenLink Virtuoso 5.0.7 to address these issues. Please see the references for more information.

OpenLink Virtuoso Multiple Denial Of Service Vulnerabilities

References:

• OpenLink Virtuoso Change Log (OpenLink)
  
• OpenLink Virtuoso Homepage (OpenLink)
  
• OpenLink Virtuoso Project Page (OpenLink)