ID CVE-2006-1329
Summary The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".
References
Vulnerable Configurations
  • cpe:2.3:a:jabberstudio:jabberd:2.0_a1:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_a2:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_a3:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_a4:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_a5:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_a6:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_b1:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_b2:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_b3:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_s1:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_s2:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_s3:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_s4:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_s5:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_s6:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_s7:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_s8:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:2.0_s9:*:*:*:*:*:*:*
  • cpe:2.3:a:jabberstudio:jabberd:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  LOW         NONE
Impact
Confidentiality  Integrity  Availability
NONE             NONE       PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2008:0261
rpms
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
refmap via4
apple APPLE-SA-2010-03-29-1
bid 17155
confirm
secunia 19281
vupen ADV-2006-1009
xf jabberd-sasl-dos(25334)
Last major update 20-07-2017 - 01:30
Published 21-03-2006 - 01:06
Last modified 20-07-2017 - 01:30