CVE-2008-1552

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/29463 Vendor Advisory
http://secunia.com/advisories/29465
http://secunia.com/advisories/29622
http://secunia.com/advisories/29946
http://security.gentoo.org/glsa/glsa-200804-27.xml
http://securityreason.com/securityalert/3795
http://silcnet.org/general/news/?item=client_20080320_1 Patch
http://silcnet.org/general/news/?item=server_20080320_1 Patch
http://silcnet.org/general/news/?item=toolkit_20080320_1 Patch
http://www.coresecurity.com/?action=item&id=2206
http://www.mandriva.com/security/advisories?name=MDVSA-2008:158
http://www.securityfocus.com/archive/1/490069/100/0/threaded
http://www.securityfocus.com/bid/28373 Patch
http://www.securitytracker.com/id?1019690
http://www.vupen.com/english/advisories/2008/0974/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41474
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/29463 Vendor Advisory
http://secunia.com/advisories/29465
http://secunia.com/advisories/29622
http://secunia.com/advisories/29946
http://security.gentoo.org/glsa/glsa-200804-27.xml
http://securityreason.com/securityalert/3795
http://silcnet.org/general/news/?item=client_20080320_1 Patch
http://silcnet.org/general/news/?item=server_20080320_1 Patch
http://silcnet.org/general/news/?item=toolkit_20080320_1 Patch
http://www.coresecurity.com/?action=item&id=2206
http://www.mandriva.com/security/advisories?name=MDVSA-2008:158
http://www.securityfocus.com/archive/1/490069/100/0/threaded
http://www.securityfocus.com/bid/28373 Patch
http://www.securitytracker.com/id?1019690
http://www.vupen.com/english/advisories/2008/0974/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41474
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:silc:silc_client:*:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_server:*:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:44

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html - () http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html -
References () http://secunia.com/advisories/29463 - Vendor Advisory () http://secunia.com/advisories/29463 - Vendor Advisory
References () http://secunia.com/advisories/29465 - () http://secunia.com/advisories/29465 -
References () http://secunia.com/advisories/29622 - () http://secunia.com/advisories/29622 -
References () http://secunia.com/advisories/29946 - () http://secunia.com/advisories/29946 -
References () http://security.gentoo.org/glsa/glsa-200804-27.xml - () http://security.gentoo.org/glsa/glsa-200804-27.xml -
References () http://securityreason.com/securityalert/3795 - () http://securityreason.com/securityalert/3795 -
References () http://silcnet.org/general/news/?item=client_20080320_1 - Patch () http://silcnet.org/general/news/?item=client_20080320_1 - Patch
References () http://silcnet.org/general/news/?item=server_20080320_1 - Patch () http://silcnet.org/general/news/?item=server_20080320_1 - Patch
References () http://silcnet.org/general/news/?item=toolkit_20080320_1 - Patch () http://silcnet.org/general/news/?item=toolkit_20080320_1 - Patch
References () http://www.coresecurity.com/?action=item&id=2206 - () http://www.coresecurity.com/?action=item&id=2206 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:158 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:158 -
References () http://www.securityfocus.com/archive/1/490069/100/0/threaded - () http://www.securityfocus.com/archive/1/490069/100/0/threaded -
References () http://www.securityfocus.com/bid/28373 - Patch () http://www.securityfocus.com/bid/28373 - Patch
References () http://www.securitytracker.com/id?1019690 - () http://www.securitytracker.com/id?1019690 -
References () http://www.vupen.com/english/advisories/2008/0974/references - () http://www.vupen.com/english/advisories/2008/0974/references -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41474 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41474 -
References () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html - () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html - () https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html -

Information

Published : 2008-03-31 17:44

Updated : 2024-11-21 00:44


NVD link : CVE-2008-1552

Mitre link : CVE-2008-1552

CVE.ORG link : CVE-2008-1552


JSON object : View

Products Affected

silc

  • silc_server
  • silc
  • silc_client
  • silc_toolkit

redhat

  • fedora
CWE
CWE-189

Numeric Errors