Secunia
Login
|
|
|
|
|
|
|
|
|
Apache Qpid Denial of Service Vulnerabilities
Release Date: 2010-10-08 Last Update: 2010-10-15 Views: 3,022
Secunia Advisory SA41710
Where:
From remote
Impact:
DoS,
Solution Status:
Vendor Patch
CVE Reference(s):
Description
Some vulnerabilities have been reported in Apache Qpid, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
1) An error when handling SSL connections can be exploited to prevent further connection attempts via an incomplete SSL handshake.
This vulnerability is reported in Apache Qpid C++ broker & client version 0.5. Other versions may also be affected.
2) An error when processing invalid AMQP data can be exploited to cause a crash.
3) An NULL pointer dereference error exists when attempting to redeclare an existing exchange and add a new alternate exchange. This can be exploited by an authenticated user to cause a crash.
Solution:
Update to version 0.6.
Provided and/or discovered by:
Reported as vulnerabilities in Red Hat bug reports.
Original Advisory:
https://bugzilla.redhat.com/show_bug.cgi?id=632657
https://bugzilla.redhat.com/show_bug.cgi?id=642373
https://bugzilla.redhat.com/show_bug.cgi?id=642377
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: Apache Qpid Denial of Service Vulnerabilities
|
No posts yet |
|
You must be logged in to post a comment. |
