| Vulnerability Name: | CVE-2008-6393 (CCN-47586) | ||||||||||||||||||||
| Assigned: | 2008-12-23 | ||||||||||||||||||||
| Published: | 2008-12-23 | ||||||||||||||||||||
| Updated: | 2017-09-29 | ||||||||||||||||||||
| Summary: | PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-189 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: CONFIRM Type: Exploit http://bugs.gentoo.org/show_bug.cgi?id=252830 Source: MITRE Type: CNA CVE-2008-6393 Source: MISC Type: UNKNOWN http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html Source: SUSE Type: UNKNOWN SUSE-SR:2009:006 Source: CCN Type: Psi Web site Psi, the Cross-Platform Jabber/XMPP Client for Power Users Source: CCN Type: SA33311 Psi File Transfer Service Packet Parsing Vulnerabilities Source: SECUNIA Type: Vendor Advisory 33311 Source: SECUNIA Type: UNKNOWN 34119 Source: SECUNIA Type: UNKNOWN 34259 Source: SECUNIA Type: UNKNOWN 34301 Source: CCN Type: SourceForge.net: Files Psi, File Release Notes and Changelog, Release Name: 0.12.1 Source: CONFIRM Type: Patch http://sourceforge.net/project/shownotes.php?release_id=658912 Source: DEBIAN Type: UNKNOWN DSA-1741 Source: DEBIAN Type: DSA-1741 psi -- integer overflow Source: MLIST Type: Exploit [oss-security] 20090225 CVE request: Psi <0.12.1 DoS Source: CCN Type: OSVDB ID: 52922 PSI Jabber Client File Transfer Request Remote Overflow Source: BUGTRAQ Type: Exploit 20081223 [ISecAuditors Security Advisories] PSI remote integer overflow DoS Source: CCN Type: BID-32987 Psi Malformed Packet Remote Denial of Service Vulnerability Source: XF Type: UNKNOWN psi-filetransfer-bo(47586) Source: EXPLOIT-DB Type: UNKNOWN 7555 Source: FEDORA Type: UNKNOWN FEDORA-2009-2285 Source: FEDORA Type: UNKNOWN FEDORA-2009-2295 Source: SUSE Type: SUSE-SR:2009:006 SUSE Security Summary Report | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||