FreeBSD : ejabberd -- queue overload denial of service vulnerability (a04a3c13-4932-11df-83fb-0015587e2cc1)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Red Hat security response team reports :

A remotely exploitable DoS from XMPP client to ejabberd server via too
many 'client2server' messages (causing the message queue on the server
to get overloaded, leading to server crash) has been found.

See also :

http://support.process-one.net/browse/EJAB-1173
http://www.openwall.com/lists/oss-security/2010/01/29/1
http://xforce.iss.net/xforce/xfdb/56025
http://www.nessus.org/u?32d12824

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 45572 (freebsd_pkg_a04a3c13493211df83fb0015587e2cc1.nasl)

Bugtraq ID: 38003

CVE ID: CVE-2010-0305
