Scripts’R’Us: Remote Crashing Gajim

Gajim-Quitter is a little tool that registers a Jabber account and sends well-formed but invalid messages to the Gajim lead developer and the Gajim groupchat. Due to a bug, the Jabber client Gajim crashes on receiving XML that is well-formed but not namespace-well-formed, namely tags with an undefined namespace.

Gajim-Quitter was coded in expect(1); programming it was quite interesting, and these two articles (and the relevant RFCs and XEPs) helped me a lot. It would probably be a fun exercise for beginner-level programming courses to build a simple Jabber client.

If you want to be safe, use another Jabber client until the issue is fixed.

Update: Shortly after publishing this program it has come to my attention that the problem cannot be fixed in the client. Thus, the specification will probably be changed to require that servers check the transmitted XML for validity, which would in turn mean that everyone sending malformed XML will be disconnected.
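The server-side check described in the update could look like the following sketch. It is an added example, not code from Gajim, Gajim-Quitter or any XMPP server. It assumes each stanza is checked as a stand-alone document (prefixes declared on the stream root are out of scope), and the names `classify_stanza` and `server_action`, the action labels, and the sample stanzas are constructed for illustration.

```python
import xml.parsers.expat as expat
from xml.parsers.expat import errors


def classify_stanza(data: bytes) -> str:
    """Classify a stanza as 'ok', 'not-well-formed', 'unbound-prefix'
    or 'namespace-error'."""
    # Pass 1: namespace-unaware parse. This is plain XML well-formedness;
    # a colon in a tag name is just another name character here.
    plain = expat.ParserCreate()
    try:
        plain.Parse(data, True)
    except expat.ExpatError:
        return "not-well-formed"

    # Pass 2: namespace-aware parse. Every prefix must now be bound by an
    # xmlns:prefix declaration that is in scope.
    ns_aware = expat.ParserCreate(namespace_separator=" ")
    try:
        ns_aware.Parse(data, True)
    except expat.ExpatError as exc:
        if errors.messages[exc.code] == errors.XML_ERROR_UNBOUND_PREFIX:
            return "unbound-prefix"
        return "namespace-error"
    return "ok"


def server_action(data: bytes) -> str:
    """Hypothetical policy: forward clean stanzas, drop the sender otherwise."""
    return "forward" if classify_stanza(data) == "ok" else "close-stream"


# Constructed sample stanzas (not captured traffic).
SAMPLES = {
    "plain": b"<message to='dev@example.org'><body>hi</body></message>",
    "declared": b"<message><x:data xmlns:x='jabber:x:data'/></message>",
    "undeclared": b"<message><x:data/></message>",
    "broken": b"<message><body>hi</message>",
}

if __name__ == "__main__":
    for label, stanza in SAMPLES.items():
        print(f"{label:10} {classify_stanza(stanza):16} {server_action(stanza)}")
```

The "undeclared" sample passes the first pass and fails only the second, which is the gap between well-formed and namespace-well-formed XML that the post describes.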

June 29, 2008 by admin
