Bug#587713: mumble-server: DoS via malformed client queries

Raphael Geissert geissert at debian.org
Thu Jul 1 02:18:40 UTC 2010


Package: mumble-server
Version: 1.2.2-2
Severity: grave
Tags: security

Hi,

The following vulnerability has been reported in mumble-server.

From [1]:
> Through a malformed type of data is possible to force the termination
> of the server due to an error in the SQL query (SQLite library).
> The attacker needs to join the server to exploit it.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry, if one is assigned by then.

There's no known patch at the moment and an exploit is linked by the advisory.

[1] http://aluigi.altervista.org/adv/mumbleed-adv.txt

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

More information about the Pkg-voip-maintainers mailing list