Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7160

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2008-7160
Last Modified 22 Oct 2012 11:01:25
Published 10 Sep 2009 05:30:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7160

Summary

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.

Vulnerable Systems

Application

  • Silcnet Silc Toolkit 1.1

  • Silcnet Silc Toolkit 1.1.1

  • Silcnet Silc Toolkit 1.1.2

  • Silcnet Silc Toolkit 1.1.3

  • Silcnet Silc Toolkit 1.1.4

  • Silcnet Silc Toolkit 1.1.5

  • Silcnet Silc Toolkit 1.1.6

  • Silcnet Silc Toolkit 1.1.8


References

BID - 36194

DEBIAN - DSA-1879

CONFIRM - http://silcnet.org/general/news/news_toolkit.php

CONFIRM - http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.9

MLIST - [oss-security] 20090903 Re: CVE id request: silc-toolkit

MLIST - [oss-security] 20090831 CVE id request: silc-toolkit

SECUNIA - 36625

SECUNIA - 36614

SUSE - SUSE-SR:2009:016

MANDRIVA - MDVSA-2009:234


Last Updated: 27 May 2016 10:53:40