On Fri, Mar 06, 2009 at 10:52:17PM +1100, Steffen Joeris wrote:
> Package: psi
> Severity: important
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for psi.
>
> CVE-2008-6393[0]:
> | PSI Jabber client before 0.12.1 allows remote attackers to cause a
> | denial of service (crash) and possibly execute arbitrary code via a
> | file transfer request with a negative value in a SOCKS5 option, which
> | bypasses a signed integer check and triggers an integer overflow and a
> | heap-based buffer overflow.
>
> The blogpost[1] has some more information. At the moment, I guess the
> security impact is fairly low and only results in a client DoS. Maybe
> you could check this further, just to be sure?
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.

Thanks for the report. You can work around the published exploit by
disabling the file transfer port (set it to zero). But I'm not sure if
that's sufficient: The vulnerable code could also get triggered on
outgoing connections. I didn't follow all possible code paths to check
that.

Jan
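The CVE text quoted in this thread describes a negative value that passes a signed integer check. The following C example is added here to illustrate that bug class and its fix; it is not Psi's code and not part of the original messages. The 4-byte length-prefixed wire format, `FIELD_MAX`, and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 255 /* assumed cap for the field (hypothetical) */

/* Read a 32-bit big-endian length as signed, as a parser using int would. */
static int32_t read_len(const uint8_t *p)
{
    uint32_t u = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return u > INT32_MAX ? -(int32_t)(~u) - 1 : (int32_t)u;
}

/* Weak check: upper bound only, so negative lengths are accepted. */
static int weak_accepts(int32_t len) { return len <= FIELD_MAX; }

/* Size a copy routine receives after the implicit int -> size_t conversion. */
static size_t as_copy_size(int32_t len) { return (size_t)len; }

/* Hardened parse: returns payload bytes copied into out, or -1 on reject. */
static long parse_field(const uint8_t *msg, size_t msg_len,
                        uint8_t *out, size_t out_cap)
{
    if (msg_len < 4)
        return -1;                    /* header truncated */
    int32_t len = read_len(msg);
    if (len < 0 || len > FIELD_MAX)
        return -1;                    /* negative or oversized */
    size_t n = (size_t)len;           /* safe: 0 <= len <= FIELD_MAX */
    if (n > msg_len - 4 || n > out_cap)
        return -1;                    /* exceeds received bytes or buffer */
    memcpy(out, msg + 4, n);
    return (long)n;
}

int main(void)
{
    /* Constructed messages: a valid 3-byte field and a length of -1. */
    const uint8_t ok[]  = { 0, 0, 0, 3, 'a', 'b', 'c' };
    const uint8_t neg[] = { 0xff, 0xff, 0xff, 0xff, 'a', 'b', 'c' };
    uint8_t out[FIELD_MAX];
    printf("ok:  parsed=%ld\n", parse_field(ok, sizeof ok, out, sizeof out));
    printf("neg: weak=%d copy_size=%zu parsed=%ld\n",
           weak_accepts(read_len(neg)), as_copy_size(read_len(neg)),
           parse_field(neg, sizeof neg, out, sizeof out));
    return 0;
}
```

The upper-bound-only check accepts the declared length of -1, which becomes `SIZE_MAX` once it is converted to `size_t` for a copy; the hardened parser rejects it before any conversion takes place.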

