Intrusion Prevention

Jabber.Studio.JabberD.Remote.DoS

Description

This signature indicates a possible attempt to exploit a denial-of-service vulnerability in the Expat XML parser code, as used in the open source Jabber and possibly other packages. The vulnerability may allow remote attackers to cause a denial of service (application crash) via a malformed packet sent to a socket that accepts XML connections.

Affected Products

JabberStudio jadc2s 0.9
JabberStudio jadc2s 0.8
JabberStudio jadc2s 0.7
JabberStudio jadc2s 0.6
JabberStudio jabberd 1.4.3
JabberStudio jabberd 1.4.2 a
JabberStudio jabberd 1.4.2
JabberStudio jabberd 1.4.1
JabberStudio jabberd 1.4

Impact

Denial of service

Recommended Actions

Gentoo Linux has released an advisory (GLSA 200409-31). Gentoo has advised that all jabberd users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-im/jabberd-1.4.3-r4"
    # emerge ">=net-im/jabberd-1.4.3-r4"

CVE References

CVE-2004-1378