[<prev] [next>] [<thread-prev] [month] [year] [list]
Date: Mon, 31 Mar 2008 17:08:03 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Ludwig Nussel <ludwig.nussel@...e.de>
cc: "Steven M. Christey" <coley@...us.mitre.org>,
oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE request: silc
======================================================
Name: CVE-2008-1552
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1552
Reference: BUGTRAQ:20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/490069/100/0/threaded
Reference: MISC:http://www.coresecurity.com/?action=item&id=2206
Reference: CONFIRM:http://silcnet.org/general/news/?item=client_20080320_1
Reference: CONFIRM:http://silcnet.org/general/news/?item=server_20080320_1
Reference: CONFIRM:http://silcnet.org/general/news/?item=toolkit_20080320_1
Reference: BID:28373
Reference: URL:http://www.securityfocus.com/bid/28373
Reference: FRSIRT:ADV-2008-0974
Reference: URL:http://www.frsirt.com/english/advisories/2008/0974/references
Reference: SECTRACK:1019690
Reference: URL:http://www.securitytracker.com/id?1019690
Reference: SECUNIA:29463
Reference: URL:http://secunia.com/advisories/29463
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c)
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC
Client before 1.1.4, and SILC Server before 1.1.2 allows remote
attackers to execute arbitrary code via a crafted PKCS#1 message,
which triggers an integer underflow, signedness error, and a buffer
overflow. NOTE: the researcher describes this as an integer overflow,
but CVE uses the "underflow" term in cases of wraparound from unsigned
subtraction.
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux