silc,silc_client,silc_toolkit,silc_server 缓冲区溢出代码执行漏洞

admin

0
文章

0
评论

2023-12-12 02:20:36 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

silc,silc_client,silc_toolkit,silc_server 缓冲区溢出代码执行漏洞

CVE编号

CVE-2008-1552

利用情况

暂无

补丁情况

N/A

披露时间

2008-04-01

漏洞描述

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/29463
http://secunia.com/advisories/29465
http://secunia.com/advisories/29622
http://secunia.com/advisories/29946
http://security.gentoo.org/glsa/glsa-200804-27.xml
http://securityreason.com/securityalert/3795
http://silcnet.org/general/news/?item=client_20080320_1
http://silcnet.org/general/news/?item=server_20080320_1
http://silcnet.org/general/news/?item=toolkit_20080320_1
http://www.coresecurity.com/?action=item&id=2206
http://www.mandriva.com/security/advisories?name=MDVSA-2008:158
http://www.securityfocus.com/archive/1/490069/100/0/threaded
http://www.securityfocus.com/bid/28373
http://www.securitytracker.com/id?1019690
http://www.vupen.com/english/advisories/2008/0974/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41474
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	silc	silc	*	-
	运行在以下环境
	应用	silc	silc_client	*		Up to (including) 1.1.3
	运行在以下环境
	应用	silc	silc_server	*		Up to (including) 1.1.2
	运行在以下环境
	应用	silc	silc_toolkit	*		Up to (including) 1.1.6