Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 31 Mar 2008 17:08:03 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Ludwig Nussel <ludwig.nussel@...e.de>
cc: "Steven M. Christey" <coley@...us.mitre.org>,
        oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE request: silc


======================================================
Name: CVE-2008-1552
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1552
Reference: BUGTRAQ:20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/490069/100/0/threaded
Reference: MISC:http://www.coresecurity.com/?action=item&id=2206
Reference: CONFIRM:http://silcnet.org/general/news/?item=client_20080320_1
Reference: CONFIRM:http://silcnet.org/general/news/?item=server_20080320_1
Reference: CONFIRM:http://silcnet.org/general/news/?item=toolkit_20080320_1
Reference: BID:28373
Reference: URL:http://www.securityfocus.com/bid/28373
Reference: FRSIRT:ADV-2008-0974
Reference: URL:http://www.frsirt.com/english/advisories/2008/0974/references
Reference: SECTRACK:1019690
Reference: URL:http://www.securitytracker.com/id?1019690
Reference: SECUNIA:29463
Reference: URL:http://secunia.com/advisories/29463

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c)
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC
Client before 1.1.4, and SILC Server before 1.1.2 allows remote
attackers to execute arbitrary code via a crafted PKCS#1 message,
which triggers an integer underflow, signedness error, and a buffer
overflow.  NOTE: the researcher describes this as an integer overflow,
but CVE uses the "underflow" term in cases of wraparound from unsigned
subtraction.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.