Denial of Service Vulnerability in Apache Qpid C++ Broker Component
CVE-2009-5006
Currently unrated
Summary
The ExchangeHandlerImpl::checkAlternate function in the SessionAdapter component of the Apache Qpid C++ broker allows remote authenticated users to trigger a denial of service. An attempt to modify an exchange's alternate leads to a NULL pointer dereference, which crashes the daemon and disrupts cluster operations. The flaw affects Apache Qpid versions before 0.6 and Red Hat Enterprise MRG before 1.3.