Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-6393
Last Modified: 27 Apr 2010 01:45:51
Published: 03 Mar 2009 11:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-6393

Summary

PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow.

Vulnerable Systems

Application

  • Psi-im Psi 0.1.0

  • Psi-im Psi 0.11

  • Psi-im Psi 0.12

  • Psi-im Psi 0.8.6

  • Psi-im Psi 0.8.7

  • Psi-im Psi 0.9

  • Psi-im Psi 0.9.1

  • Psi-im Psi 0.9.2

  • Psi-im Psi 0.9.3


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=658912

FEDORA - FEDORA-2009-2295

FEDORA - FEDORA-2009-2285

BUGTRAQ - 20081223 [ISecAuditors Security Advisories] PSI remote integer overflow DoS

MLIST - [oss-security] 20090225 CVE request: Psi <0.12.1 DoS

MILW0RM - 7555

DEBIAN - DSA-1741

SECUNIA - 34301

SECUNIA - 34259

SECUNIA - 34119

SECUNIA - 33311

SUSE - SUSE-SR:2009:006

MISC - http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=252830


Last Updated: 27 May 2016 10:49:10