Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7159

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2008-7159
Last Modified 22 Oct 2012 11:01:24
Published 10 Sep 2009 05:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7159

Summary

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string.

Vulnerable Systems

Application

  • Silcnet Silc Toolkit 1.1

  • Silcnet Silc Toolkit 1.1.1

  • Silcnet Silc Toolkit 1.1.2

  • Silcnet Silc Toolkit 1.1.3

  • Silcnet Silc Toolkit 1.1.4

  • Silcnet Silc Toolkit 1.1.5

  • Silcnet Silc Toolkit 1.1.6


References

BID - 36192

MLIST - [oss-security] 20090831 CVE id request: silc-toolkit

DEBIAN - DSA-1879

CONFIRM - http://silcnet.org/general/news/news_toolkit.php

CONFIRM - http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.8

XF - silctoolkit-silcasn1encoder-format-string(53477)

MLIST - [oss-security] 20090903 Re: CVE id request: silc-toolkit

SECUNIA - 36625

SECUNIA - 36614

SUSE - SUSE-SR:2009:016

MANDRIVA - MDVSA-2009:234


Last Updated: 27 May 2016 10:53:40