CVE-2009-5004: Input Validation
First published: Thu Apr 16 2009(Updated: )
It was reported [1], [2] that Apache QPID would crash when a connection was established using DIGEST-MD5 using the security layer. This was corrected upstream by r780719. [1] <a href="https://issues.apache.org/jira/browse/QPID-1819">https://issues.apache.org/jira/browse/QPID-1819</a> [2] <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - Large messages cause hangs and crashes when using digest-md5 and security layer (ssf 128)" href="show_bug.cgi?id=501792">https://bugzilla.redhat.com/show_bug.cgi?id=501792</a> [3] <a href="http://svn.apache.org/viewvc?revision=780719&view=revision">http://svn.apache.org/viewvc?revision=780719&view=revision</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Qpid-cpp | =1.0 | |
| redhat/classads | <0:1.0.4-1.el5 | 0:1.0.4-1.el5 |
| redhat/condor | <0:7.4.1-0.7.el5 | 0:7.4.1-0.7.el5 |
| redhat/condor-ec2-enhanced | <0:1.0-18.el5 | 0:1.0-18.el5 |
| redhat/condor-ec2-enhanced-hooks | <0:1.0-19.el5 | 0:1.0-19.el5 |
| redhat/condor-job-hooks | <0:1.0-13.el5 | 0:1.0-13.el5 |
| redhat/condor-low-latency | <0:1.0-21.el5 | 0:1.0-21.el5 |
| redhat/condor-remote-configuration | <0:1.0-23.el5 | 0:1.0-23.el5 |
| redhat/mrg-grid-docs | <0:1.2-1.el5 | 0:1.2-1.el5 |
| redhat/python-qpid | <0:0.5.752581-4.el5 | 0:0.5.752581-4.el5 |
| redhat/qpidc | <0:0.5.752581-34.el5 | 0:0.5.752581-34.el5 |
| redhat/qpid-java | <0:0.5.751061-9.el5 | 0:0.5.751061-9.el5 |
| redhat/rhm | <0:0.5.3206-27.el5 | 0:0.5.3206-27.el5 |
| redhat/rhm-docs | <0:0.5.756148-2.el5 | 0:0.5.756148-2.el5 |
| redhat/sesame | <0:0.4.3153-2.el5 | 0:0.4.3153-2.el5 |
| debian/qpid-cpp |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://issues.apache.org/jira/browse/QPID-1819
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=501792
- http://svn.apache.org/viewvc?revision=780719&view=revision
- http://rhn.redhat.com/errata/RHEA-2009-1633.html
- https://bugzilla.redhat.com/show_bug.cgi?id=642367
- https://security-tracker.debian.org/tracker/CVE-2009-5004
- https://access.redhat.com/security/cve/cve-2009-5004
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-5004
- https://bugzilla.redhat.com/show_bug.cgi?id=501792
- https://www.cve.org/CVERecord?id=CVE-2009-5004 https://nvd.nist.gov/vuln/detail/CVE-2009-5004
- https://access.redhat.com/errata/RHEA-2009:1633
- collector/redhat-bugzilla
- alias/CVE-2009-5004
- collector/nvd-historical
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/event
- agent/tags
- agent/trending
- vendor/apache
- canonical/apache qpid-cpp
- version/apache qpid-cpp/1.0
- package-manager/redhat
- package-manager/debian