CVE-2013-1909 – python-qpid: client does not validate qpid server TLS/SSL certificate
https://notcve.org/view.php?id=CVE-2013-1909
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References:
• http://qpid.apache.org/releases/qpid-0.22/release-notes.html
• http://rhn.redhat.com/errata/RHSA-2013-1024.html
• http://secunia.com/advisories/53968
• http://secunia.com/advisories/54137
• http://svn.apache.org/viewvc?view=revision&revision=1460013
• https://issues.apache.org/jira/browse/QPID-4918
• https://access.redhat.com/security/cve/CVE-2013-1909
• https://bugzilla.redhat.com/show_bug.cgi?id=928530

CWE-20: Improper Input Validation
CVE-2012-4460
https://notcve.org/view.php?id=CVE-2012-4460
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

References:
• http://svn.apache.org/viewvc?view=revision&revision=1453031
• https://bugzilla.redhat.com/show_bug.cgi?id=861242
• https://issues.apache.org/jira/browse/QPID-4629
• https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4446 – qpid-cpp: qpid authentication bypass
https://notcve.org/view.php?id=CVE-2012-4446
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.

It was found that the Apache Qpid daemon (qpidd) treated AMQP connections with the federation_tag attribute set as a broker-to-broker connection, rather than a client-to-server connection. This resulted in the source user ID of messages not being checked. A client that can establish an AMQP connection with the broker could use this flaw to bypass intended authentication.

References:
• http://rhn.redhat.com/errata/RHSA-2013-0561.html
• http://rhn.redhat.com/errata/RHSA-2013-0562.html
• http://secunia.com/advisories/52516
• https://bugzilla.redhat.com/show_bug.cgi?id=851355
• https://issues.apache.org/jira/browse/QPID-4631
• https://access.redhat.com/security/cve/CVE-2012-4446

CWE-287: Improper Authentication
CVE-2012-4458 – qpid-cpp: long arrays of zero-width types cause a denial of service
https://notcve.org/view.php?id=CVE-2012-4458
The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero-width elements in the client-properties map in a connection.start-ok message.

References:
• http://rhn.redhat.com/errata/RHSA-2013-0561.html
• http://rhn.redhat.com/errata/RHSA-2013-0562.html
• http://secunia.com/advisories/52516
• http://svn.apache.org/viewvc?view=revision&revision=1453031
• https://bugzilla.redhat.com/show_bug.cgi?id=861234
• https://issues.apache.org/jira/browse/QPID-4629
• https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID
• https://access.redhat.com/security/cve/CVE-2012-4458

CWE-189: Numeric Errors
CVE-2012-4459 – qpid-cpp: crash due to qpid::framing::Buffer::checkAvailable() wraparound
https://notcve.org/view.php?id=CVE-2012-4459
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.

References:
• http://rhn.redhat.com/errata/RHSA-2013-0561.html
• http://rhn.redhat.com/errata/RHSA-2013-0562.html
• http://secunia.com/advisories/52516
• http://svn.apache.org/viewvc?view=revision&revision=1453031
• https://bugzilla.redhat.com/show_bug.cgi?id=861241
• https://issues.apache.org/jira/browse/QPID-4629
• https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID
• https://access.redhat.com/security/cve/CVE-2012-4459

CWE-189: Numeric Errors