ejabberd 'mod_pubsub' Module Denial of Service Vulnerability
BID:50737
Info
| Bugtraq ID: | 50737 |
| Class: | Design Error |
| CVE: | CVE-2011-4320 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 03 2011 12:00AM |
| Updated: | May 07 2015 05:14PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Oracle Solaris 11.2; Gentoo Linux; ejabberd ejabberd 2.1.8; ejabberd ejabberd 2.1.6; ejabberd ejabberd 2.1.3; ejabberd ejabberd 2.1.2; ejabberd ejabberd 2.0.4; ejabberd ejabberd 1.1.3; ejabberd ejabberd 1.1.2; ejabberd ejabberd 1.1.1_2; ejabberd ejabberd 1.1.1_1; ejabberd ejabberd 1.1.1_0 |
| Not Vulnerable: | ejabberd ejabberd 2.1.9 |
Discussion
ejabberd is prone to a vulnerability that may allow attackers to cause an affected application to enter an infinite loop, resulting in a denial-of-service condition.
ejabberd versions prior to 2.1.9 are affected.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- ejabberd Homepage (ejabberd)
- Release Note ejabberd 2.1.9 - 03 Oct 2011 (ejabberd)
- Fix Denial of Service when user sends malformed stanza (ejabberd)