MRG Messaging: multiple vulnerabilities
| Package(s): | MRG Messaging | CVE #(s): | CVE-2012-4446 CVE-2012-4458 CVE-2012-4459 | ||||||||
| Created: | March 7, 2013 | Updated: | March 13, 2013 | ||||||||
| Description: | From the Red Hat advisory: It was found that the Apache Qpid daemon (qpidd) treated AMQP connections with the federation_tag attribute set as a broker-to-broker connection, rather than a client-to-server connection. This resulted in the source user ID of messages not being checked. A client that can establish an AMQP connection with the broker could use this flaw to bypass intended authentication. For Condor users, if condor-aviary is installed, this flaw could be used to submit jobs that would run as any user (except root, as Condor does not run jobs as root). (CVE-2012-4446) It was found that the AMQP type decoder in qpidd allowed arbitrary data types in certain messages. A remote attacker could use this flaw to send a message containing an excessively large amount of data, causing qpidd to allocate a large amount of memory. qpidd would then be killed by the Out of Memory killer (denial of service). (CVE-2012-4458) An integer overflow flaw, leading to an out-of-bounds read, was found in the Qpid qpid::framing::Buffer::checkAvailable() function. An unauthenticated, remote attacker could send a specially-crafted message to Qpid, causing it to crash. (CVE-2012-4459) | ||||||||||
| Alerts: |
| ||||||||||