Date: Fri, 11 Sep 2009 09:28:20 +0200 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: coley@...us.mitre.org Subject: Re: CVE id request: silc-toolkit On Thu, 3 Sep 2009 12:45:46 -0400 (EDT) "Steven M. Christey" <coley@...us.mitre.org> wrote: > > | Fixed string format vulnerability in client entry handling. > > | > > | Reported and patch provided by William Cummings. > > > > This one allows an attacker to execute arbitrary code, tested. > > > > | More string format fixes in silcd and client libary > > Use CVE-2009-3051 for both of these format strings, to be filled in > later. Looks like this actually got split to two after all... CVE-2009-3051: Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions. Which corresponds to this commit: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff;h=1598b3a51b51a434037461ccd35487bc0df3137c CVE-2009-3163: Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. Which corresponds to (the second part of) this commit: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff;h=8cb801cf6482666818e721822ce81c81ec818908 Btw, SILC seems to implement own snprintf function, that is not only wrapper around system snprintf, so glibc hardening may not help here (I've not tried to confirm that with real PoC though). -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.