CVE-2008-1552 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1552
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1552

Description: The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41474 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html ST 1019690 SREASON http://securityreason.com/securityalert/3795 SAID Secunia Advisory: SA29946 Secunia Advisory: SA29622 Secunia Advisory: SA29463 Secunia Advisory: SA29465 MISC http://www.coresecurity.com/?action=item&id=2206 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:158 GENTOO http://security.gentoo.org/glsa/glsa-200804-27.xml FEDORA CONFIRM http://silcnet.org/general/news/?item=toolkit_20080320_1 http://silcnet.org/general/news/?item=server_20080320_1 http://silcnet.org/general/news/?item=client_20080320_1 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/490069/100/0/threaded BID 28373

Return to the previous page.