sha0 has discovered some vulnerabilities in Psi, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to boundary errors in the file transfer functionality when receiving packets. These can be exploited to cause heap-based buffer overflows by sending a specially crafted packet to the file transfer service (by default port 8010/TCP).
The vulnerabilities are confirmed in version 0.12 for Windows. Other versions may also be affected.
Restrict access to the file transfer service.
The exploit on http://milw0rm.com/exploits/7555 crashed 0.1.2 here on ~amd64.
A new ebuild, psi-0.12.1, was added to the tree, which includes a fix for this problem. Arch teams, please stabilize.
Security, please note that an exploit exists for this issue.
Sparc stable. It seems to work and because it's a security bug.
Stable for HPPA.
ppc looks done:
25 Feb 2009; Tobias Scherbaum <email@example.com> psi-0.12.1.ebuild:
ppc stable, bug #252830
I requested a CVE for this on oss-sec.
Please vote for a GLSA.
It's more or less a client DoS, but I would hardly agree with that bug because it concerns a server-like service (embedded file transfer service). Still, the impact remains very low.
So I vote noglsa.
NO as well, closing.
PSI Jabber client before 0.12.1 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
file transfer request with a negative value in a SOCKS5 option, which
bypasses a signed integer check and triggers an integer overflow and
a heap-based buffer overflow.
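
The bug class named in the CVE text above (a negative value passing a signed bounds check and then being used as a copy size), shown beside a hardened length check. This is an added example, not code from Psi or from this bug report. It assumes a field prefixed by a one-octet length; the page does not say which SOCKS5 option is affected, and `FIELD_CAP`, `flawed_check` and `read_field` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 64   /* hypothetical destination buffer size */

/* Constructed sample inputs: one length octet followed by the field bytes. */
static const uint8_t PKT_OK[]  = { 3, 'f', 'o', 'o' };
static const uint8_t PKT_NEG[] = { 0xFF, 'A', 'B' };  /* 0xFF reads as -1 when signed */

/* Flawed pattern: length held in a signed type, only the upper bound checked.
 * Returns 1 if the check accepts; *copy_size is the size a memcpy would get. */
static int flawed_check(const uint8_t *pkt, size_t *copy_size)
{
    int8_t len;
    memcpy(&len, pkt, 1);
    if (len > FIELD_CAP)
        return 0;
    *copy_size = (size_t)len;   /* a negative length wraps to a huge size_t */
    return 1;
}

/* Hardened form: unsigned length, bounded by the destination capacity and by
 * the bytes actually received. Returns 0 on success, -1 on rejection. */
static int read_field(const uint8_t *pkt, size_t pkt_len,
                      uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (pkt_len < 1)
        return -1;
    size_t len = pkt[0];        /* 0..255, never negative */
    if (len > dst_cap || len > pkt_len - 1)
        return -1;
    memcpy(dst, pkt + 1, len);
    *out_len = len;
    return 0;
}

int main(void)
{
    uint8_t dst[FIELD_CAP];
    size_t n = 0;
    int accepted = flawed_check(PKT_NEG, &n);
    printf("flawed check accepts 0xFF: %d, copy size %zu\n", accepted, n);
    printf("hardened on 0xFF:  %d\n", read_field(PKT_NEG, sizeof PKT_NEG, dst, sizeof dst, &n));
    printf("hardened on valid: %d\n", read_field(PKT_OK, sizeof PKT_OK, dst, sizeof dst, &n));
    return 0;
}
```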