Fwd: Instant disconnect vulnerability

Cory McIntire cory at cpanel.net
Sun Aug 15 12:22:43 EDT 2010

On Sun, 15 Aug 2010 10:47:40 -0400
John Bailey <rekkanoryo at rekkanoryo.org> wrote:

> On 08/15/2010 03:27 AM, Mark Doliner wrote:
> > I don't think I've been able to reproduce this problem, but maybe I
> > don't understand it correctly.
> > 
> > Cory: So you're saying that if a user sends that character to a chat
> > room, then any Pidgin user in the chat room will get disconnected by
> > the jabber server?
> If the server is stupid and allows passing the invalid characters, yes.  This
> means pretty much every openfire server ever to exist.

Just to clarify, we are running an Openfire server in our environment. 


Cory McIntire <cory at cpanel.net>

More information about the security mailing list