SB2011062304 - Multiple vulnerabilities in Prosody

Description

This security bulletin contains information about 2 vulnerabilities.

1) Resource management error (CVE-ID: CVE-2011-2531)

CWE-ID: CWE-399 - Resource Management Errors

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data.

2) Resource management error (CVE-ID: CVE-2011-2532)

CWE-ID: CWE-399 - Resource Management Errors

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data.

Remediation

Install update from vendor's website.

References

• http://blog.prosody.im/prosody-0-8-1-released/
• http://hg.prosody.im/0.8/rev/c806a599224a
• http://hg.prosody.im/0.8/rev/d2406f0ce8a5
• http://prosody.im/doc/release/0.8.1
• http://hg.prosody.im/0.8/rev/20979f124ad9