LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

MRG Messaging: denial of service

Package(s):MRG Messaging CVE #(s):CVE-2010-3083 CVE-2010-3701
Created:October 8, 2010 Updated:October 14, 2010
Description: From the Red Hat advisory:

A flaw was found in the way SSL connections to the MRG Messaging broker were handled. A connection (from a user or client application) to the broker's SSL port would prevent the broker from responding to any other connections on that port, until the first connection's SSL handshake completed or failed. A remote user could use this flaw to block connections from legitimate clients. Note that this issue only affected connections to the SSL port. The broker does not listen for SSL connections by default. (CVE-2010-3083)

A flaw was found in the way the MRG Messaging broker handled the receipt of large persistent messages. If a remote, authenticated user sent a very large persistent message, the broker could exhaust stack memory, causing the broker to crash. (CVE-2010-3701)

Alerts:
Red Hat RHSA-2010:0757-01 2010-10-07
Red Hat RHSA-2010:0756-01 2010-10-07
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds