-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2014-0219: Apache Karaf bind shutdown port on loopback interface

Severity: Minor

Vendor: The Apache Software Foundation

Versions Affected:

This vulnerability affects all versions of Apache Karaf prior to 4.0.10

Description:

Apache Karaf enables a shutdown port on the loopback interface, which 
allows local users to cause a denial of service (shutdown) by sending 
a shutdown command to all listening high ports.

This has been fixed in revision:

https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=99365a3

Migration:

Apache Karaf users should upgrade to 4.0.10 or later and disable the
shutdown port.

Credit: This issue was reported by Colm O hEigeartaigh of Talend.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEGqjPktQJpzOT0Lc2v/LuQsgoLnYFAlwtsiQACgkQv/LuQsgo
LnbrIg/6ApxUUR0cY7x/n5eM6fCP3io1+vmVineUIhBwu5H97jKBvtTWkNrWoAAv
tovNuYZVykyOpqBGu/Y4T/G5ryox1MaYV8jP7dad7I4wgqxSXFucoxRvSXr6jjAz
zF3rxHlGw1b0aKQDZgHBv8vcbbVtw6rE6opKdjwN/C4LCDojVhQQbmSlj+oCIAJI
JVns9NMpo8VY3btYs0OizmqTtOoKUHkmy4Jy1Fpolsv4KRZrsmvTntPoEYLrjbUy
5xKu/fTGEstJWhOi66xtSPfM+KwDfPVbvmu8QDxQldl6mjPBAQMwhYQSzz6ubNEF
3rN4zx80r/cPBQbflaiYnoLuJPhJzdUxgxPAuvvq//t7RCKdS+zMQ2pkxXt0W8p1
9WVhaVhfQmZf+RoRMnrHcNlvV5EXLRyTfegRScd7+8iPESESi9qnOU2x8JuoqKWc
K1RY94ZD9wdbLh4HqnrqsaYZFrmJ3QXusrSqlioTltjlBE8E9BOVHnvsRnv6kp+S
2r+57iauD7SdMtuMuBPTFc9FOHR3DhTm6dYTiuLp7jdwRA8zRX67oTIh17D9zGH9
YC9B61Rq8ofhoVoRQukfEDkhh423/Oi6IUijPmSPF0dV7nRFd27WadagFFQVfgl3
s2ktdT89ER72fyEi99Qp4tMtY6P9bfblIlt5HyuTxhUTRjzf05k=
=MziI
-----END PGP SIGNATURE-----