Mandriva Linux Security Advisory 2009:234-2: silc-toolkit
by cobra_admin
Article Source: Mandriva Linux Security Advisories

Multiple vulnerabilities were discovered and corrected in silc-toolkit:

Multiple format string vulnerabilities in lib/silcclient/client_entry.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and
SILC Client before 1.1.8, allow remote attackers to execute arbitrary
code via format string specifiers in a nickname field, related to the
(1) silc_client_add_client, (2) silc_client_update_client, and (3)
silc_client_nickname_format functions (CVE-2009-3051).

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in
Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows
remote attackers to overwrite a stack location and possibly execute
arbitrary code via a crafted OID value, related to incorrect use of
a %lu format string (CVE-2008-7159).

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in
the internal HTTP server in silcd in Secure Internet Live Conferencing
(SILC) Toolkit before 1.1.9 allows remote attackers to overwrite
a stack location and possibly execute arbitrary code via a crafted
Content-Length header, related to incorrect use of a %lu format string
(CVE-2008-7160).

Multiple format string vulnerabilities in lib/silcclient/command.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10,
and SILC Client 1.1.8 and earlier, allow remote attackers to execute
arbitrary code via format string specifiers in a channel name, related
to (1) silc_client_command_topic, (2) silc_client_command_kick,
(3) silc_client_command_leave, and (4) silc_client_command_users
(CVE-2009-3163).

This update provides a solution to these vulnerabilities.

Update:

Packages for MES5 were not provided previously; this update addresses
this problem.

Packages for 2008.0 are being provided due to extended support for
Corporate products.
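
The Content-Length issue above (CVE-2008-7160) is attributed to incorrect use of a %lu format string. The following C code is an added example, not code from the SILC Toolkit or from this advisory: it assumes the mismatch is a `%lu` conversion storing into a 32-bit variable, and `parse_content_length` is a hypothetical name for a range-checked replacement.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Mismatched pattern, shown as a comment only (assumed, not SILC's source):
 *     uint32_t len;
 *     sscanf(value, "%lu", &len);
 * "%lu" stores an unsigned long. Where that type is 8 bytes (LP64), the
 * store runs 4 bytes past `len` into whatever sits next to it on the stack. */

/* Hypothetical hardened parser: returns 0 and sets *out on success,
 * -1 on malformed or oversized input. */
int parse_content_length(const char *value, uint32_t *out)
{
    char *end;
    unsigned long long n;

    if (value == NULL || out == NULL)
        return -1;
    /* strtoull accepts leading whitespace, '+' and '-': require a digit. */
    if (*value < '0' || *value > '9')
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE)              /* too many digits for the wide type */
        return -1;
    if (*end != '\0')                 /* trailing bytes after the digits */
        return -1;
    if (n > UINT32_MAX)               /* would not fit the 32-bit field */
        return -1;
    *out = (uint32_t)n;               /* range-checked narrowing */
    return 0;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "1234", "4294967296", "-1", "12abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t len = 0;
        int rc = parse_content_length(samples[i], &len);
        printf("%-12s rc=%d len=%u\n", samples[i], rc, (unsigned)len);
    }
    return 0;
}
```

Building with `-Wall` makes the compiler flag the commented-out pattern through `-Wformat` wherever it appears in real code, which is a cheap way to audit for the same class of mismatch.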