CVE-2014-0219: Apache Karaf bind shutdown port on loopback interface

Severity: Minor

Vendor: The Apache Software Foundation

Versions Affected:
This vulnerability affects all versions of Apache Karaf prior to 4.0.10

Description:
Apache Karaf enables a shutdown port on the loopback interface, which
allows local users to cause a denial of service (shutdown) by sending
a shutdown command to all listening high ports.

This has been fixed in revision:
https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=99365a3

Migration:
Apache Karaf users should upgrade to 4.0.10 or later and disable the
shutdown port.

Credit: This issue was reported by Colm O hEigeartaigh of Talend.
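
An added example, not part of the advisory or of Apache Karaf's own code: a check that the "disable the shutdown port" step has been applied to a Karaf `etc/config.properties`. It assumes, from Karaf's launcher settings rather than from the advisory, that the port is set by `karaf.shutdown.port` and that a negative value disables the listener; the sample files are constructed, and an unset key is reported conservatively as listening.

```python
"""Audit a Karaf etc/config.properties for the shutdown-port mitigation."""
import re

# Assumption: a negative karaf.shutdown.port disables the shutdown listener;
# 0 or a positive value opens one. An unset key is treated as listening.
KEY = "karaf.shutdown.port"

# key, then '=', ':' or whitespace, then value; '#' and '!' start comments.
_LINE = re.compile(r"^\s*([^#!\s=:][^\s=:]*)\s*[=:\s]\s*(.*?)\s*$")


def shutdown_port_setting(properties_text):
    """Return the effective karaf.shutdown.port value, or None if unset."""
    value = None
    for line in properties_text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1) == KEY:
            value = m.group(2)  # a later assignment overrides an earlier one
    return value


def audit(properties_text):
    """Classify the configuration as 'disabled', 'listening' or 'invalid'."""
    raw = shutdown_port_setting(properties_text)
    if raw is None:
        return "listening"  # conservative: no explicit setting found
    try:
        port = int(raw)
    except ValueError:
        return "invalid"  # e.g. an unresolved ${...} placeholder; review by hand
    return "disabled" if port < 0 else "listening"


# Constructed sample files (not taken from a real installation).
UNMITIGATED = """\
# karaf.shutdown.port=-1
karaf.shutdown.host = 127.0.0.1
karaf.shutdown.port.file = ${karaf.data}/port
"""
MITIGATED = UNMITIGATED + "karaf.shutdown.port = -1\n"

if __name__ == "__main__":
    for name, text in (("unmitigated", UNMITIGATED), ("mitigated", MITIGATED)):
        print(name, "->", audit(text))
```

The commented-out line in the first sample is ignored, so only an active assignment counts as the mitigation.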