Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3051

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-3051
Last Modified 22 Oct 2012 11:10:34
Published 10 Sep 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3051

Summary

Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.

Vulnerable Systems

Application

  • Silcnet Silc Client 1.1.1

  • Silcnet Silc Client 1.1.2

  • Silcnet Silc Client 1.1.3

  • Silcnet Silc Client 1.1.4

  • Silcnet Silc Client 1.1.6

  • Silcnet Silc Client 1.1.7

  • Silcnet Silc Toolkit 1.1

  • Silcnet Silc Toolkit 1.1.1

  • Silcnet Silc Toolkit 1.1.2

  • Silcnet Silc Toolkit 1.1.3

  • Silcnet Silc Toolkit 1.1.4

  • Silcnet Silc Toolkit 1.1.5

  • Silcnet Silc Toolkit 1.1.6

  • Silcnet Silc Toolkit 1.1.8

  • Silcnet Silc Toolkit 1.1.9


References

VUPEN - ADV-2009-2150

BID - 35940

DEBIAN - DSA-1879

CONFIRM - http://silcnet.org/general/news/news_toolkit.php

CONFIRM - http://silcnet.org/general/news/news_client.php

MLIST - [oss-security] 20090903 Re: CVE id request: silc-toolkit

MLIST - [oss-security] 20090831 CVE id request: silc-toolkit

CONFIRM - http://silcnet.org/docs/release/SILC%20Client%201.1.8

CONFIRM - http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10

CONFIRM - http://silcnet.org/docs/changelog/SILC%20Client%201.1.8

SECUNIA - 36614

SECUNIA - 36134

SUSE - SUSE-SR:2009:016

MANDRIVA - MDVSA-2009:235

MANDRIVA - MDVSA-2009:234


Last Updated: 27 May 2016 10:53:40