[silc-toolkit] [CVE-2008-1552] possible arbitrary code execution

Bug #215002 reported by disabled.user on 2008-04-10
258
Affects Status Importance Assigned to Milestone
silc-client (Ubuntu)
Undecided
Unassigned
Nominated for Dapper by disabled.user
Nominated for Feisty by disabled.user
Declined for Gutsy by Luca Falavigna
Nominated for Hardy by disabled.user
silc-server (Ubuntu)
Undecided
Unassigned
Nominated for Dapper by disabled.user
Nominated for Feisty by disabled.user
Declined for Gutsy by Luca Falavigna
Nominated for Hardy by disabled.user

Bug Description

Binary package hint: silc

Quoting CVE-2008-1552:
'The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.'

CVE References

William Grant (wgrant) wrote :

Is there any reason this wouldn't affect silc-server as well? The source file in question is identical.

Kees Cook (kees) on 2009-01-23
Changed in silc-server:
status: New → Confirmed
Changed in silc-client:
status: New → Confirmed
4dro (kwadronaut) wrote :

https://launchpad.net/ubuntu/+source/silc-client/1.1.4-1
A backport of silc-client 1.1.4-1 from intprepid to hardy could be put into proposed or security backports?
Version dependencies are satisfied, test on non amd-64 is just fine.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers