Secunia

A weakness and some vulnerabilities have been reported in Centericq, which can be exploited by malicious people to cause a DoS (Denial of Service), and potentially to compromise a user's system.

1) The weakness is caused due to an error in the packet handling for peer to peer communications in the "DirectClient" class. This can be exploited to crash a vulnerable client by sending an empty packet to the listening port.

Successful exploitation requires that the setting "Enable peer-to-peer communications" has been enabled.

2) A boundary error exists in the ktools library used by Centericq. This can be exploited to caused a buffer overflow when the user edits specially crafted contact details retrieved from the messaging server.

For more information:
SA17768

3) Various boundary errors are reported in the IRC, Jabber, LiveJournal, and Yahoo hook, which potentially can be exploited to cause a buffer overflow and execute arbitrary code.

Successful exploitation may require that a user connects to malicious servers.

The weakness and vulnerabilities are reported in version 4.21.0. Other versions may also be affected.

Solution
Disable the "Enable peer-to-peer communications" setting. This may however affect functionality.
Further details available in Customer Area

Provided and/or discovered by
1) Wernfried Haas
2) Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried", Zone-H Research Team.
3) Nico Leidecker, Portcullis Computer Security Ltd.

Changelog
Further details available in Customer Area

Original Advisory
http://www.debian.org/security/2005/dsa-912

3) http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0032.txt

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area