silc: several vulnerabilities

Package(s): silc-client/silc-toolkit
CVE #(s): CVE-2008-7159 CVE-2008-7160 CVE-2009-3051
Created: September 4, 2009
Updated: June 1, 2010
Description: From the Debian advisory:

An incorrect format string in sscanf() used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases (CVE-2008-7159).

Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings (CVE-2009-3051).

An incorrect format string in a sscanf() call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases (CVE-2008-7160).
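
The two sscanf() issues above (CVE-2008-7159 and CVE-2008-7160) share one cause: a conversion that stores more bytes than the destination variable holds. The following is an added example, not code from SILC or from the Debian advisory, showing one way to parse a Content-Length style decimal into a 32-bit variable with an explicit range check; the helper name `parse_u32_decimal`, the `%lu` illustration in the comment and the sample values are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Pattern of the kind the advisory describes, kept as a comment because it is
 * undefined behaviour (assumed illustration, not SILC source):
 *     uint32_t len; sscanf(value, "%lu", &len);
 * On LP64 targets %lu stores 8 bytes through a pointer to a 4-byte object. */

/* Hypothetical helper: parse a decimal header value into a 32-bit
 * destination. Returns 0 on success, -1 on malformed or out-of-range input;
 * *out is written only on success and only with a 4-byte store. */
int parse_u32_decimal(const char *s, uint32_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || out == NULL)
        return -1;
    /* strtoull() skips whitespace and accepts a sign; require a digit first
     * so "-1" cannot wrap to a huge unsigned value. */
    if (!isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || v > UINT32_MAX)
        return -1;
    /* Tolerate only trailing header whitespace or a line ending. */
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;
    if (*end != '\0')
        return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real request. */
    const char *samples[] = { "1234", "4294967296", "-1", "12abc", "42\r\n" };
    struct { uint32_t len; uint32_t neighbour; } st = { 0, 0xA5A5A5A5u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = parse_u32_decimal(samples[i], &st.len);
        printf("rc=%d len=%u neighbour=0x%X\n", rc, (unsigned)st.len, (unsigned)st.neighbour);
    }
    return 0;
}
```

Compiling with `-Wall` (which enables `-Wformat` in GCC and Clang) also reports scanf-family conversions whose specifier does not match the argument type.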

Alerts:
Gentoo 201006-07 2010-06-01
Mandriva MDVSA-2009:234-2 2009-12-05
Mandriva MDVSA-2009:235 2009-09-15
Mandriva MDVSA-2009:234-1 2009-09-15
Mandriva MDVSA-2009:234 2009-09-15
Fedora FEDORA-2009-9342 2009-09-06
Fedora FEDORA-2009-9356 2009-09-06
Debian DSA-1879-1 2009-09-04
SuSE SUSE-SR:2009:016 2009-10-13
