FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jabberd -- denial-of-service vulnerability

Affected packages
jabber <


VuXML ID 2e25d38b-54d1-11d9-b612-000c6e8f12ef
Discovery 2004-09-19
Entry 2004-12-26
Modified 2005-01-19

José Antonio Calvo discovered a bug in the Jabber 1.x server. According to Matthias Wimmer:

Without this patch, it is possible to remotly crash jabberd14, if there is access to one of the following types of network sockets:

This is any socket on which the jabberd server parses XML!

The problem existed in the included expat XML parser code. This patch removes the included expat code from jabberd14 and links jabberd against an installed version of expat.


CVE Name CVE-2004-1378