CVE-2008-7160

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://secunia.com/advisories/36614	Vendor Advisory
http://secunia.com/advisories/36625	Vendor Advisory
http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.9	Patch Vendor Advisory
http://silcnet.org/general/news/news_toolkit.php	Patch Vendor Advisory
http://www.debian.org/security/2009/dsa-1879	Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:234
http://www.openwall.com/lists/oss-security/2009/08/31/5
http://www.openwall.com/lists/oss-security/2009/09/03/5
http://www.securityfocus.com/bid/36194	Patch
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://secunia.com/advisories/36614	Vendor Advisory
http://secunia.com/advisories/36625	Vendor Advisory
http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.9	Patch Vendor Advisory
http://silcnet.org/general/news/news_toolkit.php	Patch Vendor Advisory
http://www.debian.org/security/2009/dsa-1879	Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:234
http://www.openwall.com/lists/oss-security/2009/08/31/5
http://www.openwall.com/lists/oss-security/2009/09/03/5
http://www.securityfocus.com/bid/36194	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:silcnet:silc_toolkit::::::::
	cpe:2.3:a:silcnet:silc_toolkit:1.1:::::::*
	cpe:2.3:a:silcnet:silc_toolkit:1.1.1:::::::*
	cpe:2.3:a:silcnet:silc_toolkit:1.1.2:::::::*
	cpe:2.3:a:silcnet:silc_toolkit:1.1.3:::::::*
	cpe:2.3:a:silcnet:silc_toolkit:1.1.4:::::::*
	cpe:2.3:a:silcnet:silc_toolkit:1.1.5:::::::*
	cpe:2.3:a:silcnet:silc_toolkit:1.1.6:::::::*

History

21 Nov 2024, 00:58

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html -
References	~~() http://secunia.com/advisories/36614 - Vendor Advisory~~	() http://secunia.com/advisories/36614 - Vendor Advisory
References	~~() http://secunia.com/advisories/36625 - Vendor Advisory~~	() http://secunia.com/advisories/36625 - Vendor Advisory
References	~~() http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.9 - Patch, Vendor Advisory~~	() http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.9 - Patch, Vendor Advisory
References	~~() http://silcnet.org/general/news/news_toolkit.php - Patch, Vendor Advisory~~	() http://silcnet.org/general/news/news_toolkit.php - Patch, Vendor Advisory
References	~~() http://www.debian.org/security/2009/dsa-1879 - Patch~~	() http://www.debian.org/security/2009/dsa-1879 - Patch
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2009:234 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2009:234 -
References	~~() http://www.openwall.com/lists/oss-security/2009/08/31/5 -~~	() http://www.openwall.com/lists/oss-security/2009/08/31/5 -
References	~~() http://www.openwall.com/lists/oss-security/2009/09/03/5 -~~	() http://www.openwall.com/lists/oss-security/2009/09/03/5 -
References	~~() http://www.securityfocus.com/bid/36194 - Patch~~	() http://www.securityfocus.com/bid/36194 - Patch

Information

Published : 2009-09-10 21:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-7160

Mitre link : CVE-2008-7160

CVE.ORG link : CVE-2008-7160

JSON object : View

Products Affected

silcnet

silc_toolkit

CWE

CWE-134

Use of Externally-Controlled Format String

5.8 /10