Re: [xmpp] IQ Handling vulnerabilities

Kevin Smith <kevin@kismith.co.uk> Sun, 09 February 2014 22:04 UTC

From: Kevin Smith <kevin@kismith.co.uk>
To: Dave Cridland <dave@cridland.net>
Cc: Ben Campbell <ben@nostrum.com>, XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] IQ Handling vulnerabilities

On Sun, Feb 9, 2014 at 7:30 PM, Dave Cridland <dave@cridland.net> wrote:
> I'd hope Kev's example is way off, though - I suspect that servers ignore
> the XEP-0199 reply stanza and just look for activity on the socket.

I would hope so, too - but given some of the things we've seen on the
client side in the last couple of weeks, I don't think it's
unreasonable to suspect there might be servers with as severe
problems. Whether we can find the vulnerabilities or not, though,
doesn't reduce the need to document the issues, I think.

/K