Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.51.0804121520500.20756@faron.mitre.org>
Date: Sat, 12 Apr 2008 15:20:57 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: openfire <3.5.0 Denial of Service


======================================================
Name: CVE-2008-1728
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1728
Reference: MISC:http://www.igniterealtime.org/fisheye/changelog/svn-org?cs=10031
Reference: URL:http://www.openwall.com/lists/oss-security/2008/04/10/7
Reference: CONFIRM:http://www.igniterealtime.org/issues/browse/JM-1289
Reference: MLIST:[oss-security] 20080411 CVE request: openfire <3.5.0
Reference: SECUNIA:29751
Reference: URL:http://secunia.com/advisories/29751

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows
remote attackers to cause a denial of service (daemon outage) by
triggering large outgoing queues without reading messages.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.