MRG Messaging: denial of service
Package(s): MRG Messaging
CVE #(s): CVE-2010-3083, CVE-2010-3701
Created: October 8, 2010
Updated: October 14, 2010
Description: From the Red Hat advisory:

A flaw was found in the way SSL connections to the MRG Messaging broker were handled. A connection (from a user or client application) to the broker's SSL port would prevent the broker from responding to any other connections on that port, until the first connection's SSL handshake completed or failed. A remote user could use this flaw to block connections from legitimate clients. Note that this issue only affected connections to the SSL port. The broker does not listen for SSL connections by default. (CVE-2010-3083)

A flaw was found in the way the MRG Messaging broker handled the receipt of large persistent messages. If a remote, authenticated user sent a very large persistent message, the broker could exhaust stack memory, causing the broker to crash. (CVE-2010-3701)