FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jabberd -- SASL Negotiation Denial of Service Vulnerability

Affected packages
jabberd < 2.0.11

Details

VuXML ID f4af098d-d921-11da-ad4a-00123ffe8333
Discovery 2006-03-20
Entry 2006-05-01

Secunia reports:

A vulnerability has been reported in jabberd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of SASL negotiation. This can be exploited to cause a crash by sending a "response" stanza before an "auth" stanza.

References

CVE Name CVE-2006-1329
URL http://article.gmane.org/gmane.network.jabber.admin/27372
URL http://jabberstudio.org/projects/jabberd2/releases/view.php?id=826
URL http://secunia.com/advisories/19281/