Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2008-1552
Last Modified: 07 Mar 2011 10:07:15
Published: 31 Mar 2008 01:44:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-1552

Summary

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

Vulnerable Systems

Application

  • Silc

  • Silc Client 1.1.3

  • Silc Server 1.1.2

  • Silc Toolkit 1.1.6


References

BID - 28373

CONFIRM - http://silcnet.org/general/news/?item=toolkit_20080320_1

CONFIRM - http://silcnet.org/general/news/?item=server_20080320_1

CONFIRM - http://silcnet.org/general/news/?item=client_20080320_1

FEDORA - FEDORA-2008-2641

FEDORA - FEDORA-2008-2616

XF - silc-silcpkcs1decode-bo(41474)

VUPEN - ADV-2008-0974

SECTRACK - 1019690

BUGTRAQ - 20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow

MANDRIVA - MDVSA-2008:158

MISC - http://www.coresecurity.com/?action=item&id=2206

SECUNIA - 29465

SECUNIA - 29463

SREASON - 3795

GENTOO - GLSA-200804-27

SECUNIA - 29946

SECUNIA - 29622

SUSE - SUSE-SR:2008:008


Last Updated: 27 May 2016 10:47:34