• info
• discussion
• exploit
• solution
• references

Jabber Server SSL Handling Denial of Service Vulnerability

Solution:
Mandrake has issued fixes. See advisory MDKSA-2004:005 in the reference section for further details.

Debian has issued fixes. See advisory DSA-414-1 in the reference section.


Jabber Software Foundation Jabber Server 1.4.2 a

• Debian jabber_1.4.2a-1.1woody1_alpha.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_alpha.deb


• Debian jabber_1.4.2a-1.1woody1_arm.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_arm.deb


• Debian jabber_1.4.2a-1.1woody1_hppa.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_hppa.deb


• Debian jabber_1.4.2a-1.1woody1_i386.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_i386.deb


• Debian jabber_1.4.2a-1.1woody1_ia64.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_ia64.deb


• Debian jabber_1.4.2a-1.1woody1_m68k.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_m68k.deb


• Debian jabber_1.4.2a-1.1woody1_mips.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_mips.deb


• Debian jabber_1.4.2a-1.1woody1_mipsel.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_mipsel.deb


• Debian jabber_1.4.2a-1.1woody1_powerpc.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_powerpc.deb


• Debian jabber_1.4.2a-1.1woody1_s390.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_s390.deb


• Debian jabber_1.4.2a-1.1woody1_sparc.deb
  http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1. 1woody1_sparc.deb

MandrakeSoft Corporate Server 2.1 x86_64

• Mandrake jabber-1.4.2a-10.1.C21mdk.x86_64.rpm
  Corporate Server 2.1/x86_64FTP Folder: x86_64/corporate/2.1/RPMS/
  http://www.mandrakesecure.net/en/ftp.php

MandrakeSoft Corporate Server 2.1

• Mandrake jabber-1.4.2a-10.1.C21mdk.i586.rpm
  Corporate Server 2.1FTP Folder: corporate/2.1/RPMS/
  http://www.mandrakesecure.net/en/ftp.php

Mandriva Linux Mandrake 9.1

• Mandrake jabber-1.4.2a-10.1.91mdk.i586.rpm
  Mandrake Linux 9.1FTP Folder: 9.1/RPMS/
  http://www.mandrakesecure.net/en/ftp.php

Mandriva Linux Mandrake 9.1 ppc

• Mandrake jabber-1.4.2a-10.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPCFTP Folder: ppc/9.1/RPMS/
  http://www.mandrakesecure.net/en/ftp.php

Mandriva Linux Mandrake 9.2

• Mandrake jabber-1.4.2a-10.1.92mdk.i586.rpm
  Mandrake Linux 9.2FTP Folder: 9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-aim-1.4.2a-10.1.92mdk.i586.rpm
  Mandrake Linux 9.2FTP Folder: 9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-conference-1.4.2a-10.1.92mdk.i586.rpm
  Mandrake Linux 9.2FTP Folder: 9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-icq-1.4.2a-10.1.92mdk.i586.rpm
  Mandrake Linux 9.2FTP Folder: 9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-jud-1.4.2a-10.1.92mdk.i586.rpm
  Mandrake Linux 9.2FTP Folder: 9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-msn-1.4.2a-10.1.92mdk.i586.rpm
  Mandrake Linux 9.2FTP Folder: 9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-yahoo-1.4.2a-10.1.92mdk.i586.rpm
  Mandrake Linux 9.2FTP Folder: 9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php

Mandriva Linux Mandrake 9.2 amd64

• Mandrake jabber-1.4.2a-10.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64FTP Folder: amd64/9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-aim-1.4.2a-10.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64FTP Folder: amd64/9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-conference-1.4.2a-10.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64FTP Folder: amd64/9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-icq-1.4.2a-10.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64FTP Folder: amd64/9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-jud-1.4.2a-10.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64FTP Folder: amd64/9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-msn-1.4.2a-10.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64FTP Folder: amd64/9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake jabber-yahoo-1.4.2a-10.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64FTP Folder: amd64/9.2/RPMS/
  http://www.mandrakesecure.net/en/ftp.php