Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qpid | Apache | * | 0.17 (including) |
| Qpid | Apache | 0.6 (including) | 0.6 (including) |
| Qpid | Apache | 0.7 (including) | 0.7 (including) |
| Qpid | Apache | 0.8 (including) | 0.8 (including) |
| Qpid | Apache | 0.9 (including) | 0.9 (including) |
| Qpid | Apache | 0.10 (including) | 0.10 (including) |
| Qpid | Apache | 0.12 (including) | 0.12 (including) |
| Qpid | Apache | 0.14 (including) | 0.14 (including) |
| Qpid | Apache | 0.16 (including) | 0.16 (including) |
| MRG for RHEL-5 v. 2 | RedHat | mrg-release-0:2.2.0-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | python-qpid-0:0.14-11.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-cpp-mrg-0:0.14-22.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-java-0:0.18-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-jca-0:0.18-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-qmf-0:0.14-14.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-tools-0:0.14-6.el5 | * |
| Red Hat Enterprise Linux 6 | RedHat | python-qpid-0:0.14-11.el6_3 | * |
| Red Hat Enterprise Linux 6 | RedHat | qpid-cpp-0:0.14-22.el6_3 | * |
| Red Hat Enterprise Linux 6 | RedHat | qpid-qmf-0:0.14-14.el6_3 | * |
| Red Hat Enterprise Linux 6 | RedHat | qpid-tools-0:0.14-6.el6_3 | * |
| Qpid-cpp | Ubuntu | artful | * |
| Qpid-cpp | Ubuntu | precise | * |
| Qpid-cpp | Ubuntu | quantal | * |
| Qpid-cpp | Ubuntu | raring | * |
| Qpid-cpp | Ubuntu | saucy | * |
| Qpid-cpp | Ubuntu | utopic | * |
| Qpid-cpp | Ubuntu | vivid | * |
| Qpid-cpp | Ubuntu | wily | * |
| Qpid-cpp | Ubuntu | yakkety | * |
| Qpid-cpp | Ubuntu | zesty | * |
References
- http://rhn.redhat.com/errata/RHSA-2012-1269.html
- http://rhn.redhat.com/errata/RHSA-2012-1277.html
- http://secunia.com/advisories/50573
- http://secunia.com/advisories/50698
- http://secunia.com/advisories/50699
- http://www.securityfocus.com/bid/55608
- https://bugzilla.redhat.com/show_bug.cgi?id=817175
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78730
- https://issues.apache.org/jira/browse/QPID-2616
- https://issues.apache.org/jira/browse/QPID-4021
- http://rhn.redhat.com/errata/RHSA-2012-1269.html
- http://rhn.redhat.com/errata/RHSA-2012-1277.html
- http://secunia.com/advisories/50573
- http://secunia.com/advisories/50698
- http://secunia.com/advisories/50699
- http://www.securityfocus.com/bid/55608
- https://bugzilla.redhat.com/show_bug.cgi?id=817175
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78730
- https://issues.apache.org/jira/browse/QPID-2616
- https://issues.apache.org/jira/browse/QPID-4021