Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title New silc-client/silc-toolkit packages fix arbitrary code execution
Informations
Name DSA-1879 First vendor Publication 2009-09-04
Vendor Debian Last vendor Modification 2009-09-04
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. The Common Vulnerabilities and Exposures project identifies the following problems:

An incorrect format string in sscanf() used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases (CVE-2008-7159).

Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings (CVE-2009-3051).

An incorrect format string in a sscanf() call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases (CVE-2008-7160).

silc-server doesn't need an update as it uses the shared library provided by silc-toolkit. silc-client/silc-toolkit in the oldstable distribution (etch) is not affected by this problem.

For the stable distribution (lenny), this problem has been fixed in version 1.1.7-2+lenny1 of silc-toolkit and in version 1.1.4-1+lenny1 of silc-client.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.1.10-1 of silc-toolkit and version 1.1-2 of silc-client (using libsilc from silc-toolkit since this upload).

We recommend that you upgrade your silc-toolkit/silc-client packages.

Original Source

Url : http://www.debian.org/security/2009/dsa-1879

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-134 Uncontrolled Format String (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13606
 
Oval ID: oval:org.mitre.oval:def:13606
Title: DSA-1879-1 silc-client/silc-toolkit -- several
Description: Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. The Common Vulnerabilities and Exposures project identifies the following problems: An incorrect format string in sscanf used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases. Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings. An incorrect format string in a sscanf call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases. Silc-server doesn’t need an update as it uses the shared library provided by silc-toolkit. Silc-client/silc-toolkit in the oldstable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 1.1.7-2+lenny1 of silc-toolkit and in version 1.1.4-1+lenny1 of silc-client. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.1.10-1 of silc-toolkit and version 1.1-2 of silc-client. We recommend that you upgrade your silc-toolkit/silc-client packages.
Family: unix Class: patch
Reference(s): DSA-1879-1
CVE-2008-7159
CVE-2008-7160
CVE-2009-3051
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): silc-client/silc-toolkit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7974
 
Oval ID: oval:org.mitre.oval:def:7974
Title: DSA-1879 silc-client/silc-toolkit -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. The Common Vulnerabilities and Exposures project identifies the following problems: An incorrect format string in sscanf() used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases. Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings. CVE-2008-7160 An incorrect format string in a sscanf() call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases. silc-server doesn't need an update as it uses the shared library provided by silc-toolkit. silc-client/silc-toolkit in the oldstable distribution (etch) is not affected by this problem.
Family: unix Class: patch
Reference(s): DSA-1879
CVE-2008-7159
CVE-2008-7160
CVE-2009-3051
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): silc-client/silc-toolkit
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6
Application 8

OpenVAS Exploits

Date Description
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-07 (silc-toolkit silc-client)
File : nvt/glsa_201006_07.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:234-2 (silc-toolkit)
File : nvt/mdksa_2009_234_2.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-09-29 Name : SILC Client Channel Name Format String Vulnerability
File : nvt/secpod_silc_prdts_channelname_format_string_vuln.nasl
2009-09-29 Name : SILC Client Nickname Field Format String Vulnerability
File : nvt/secpod_silc_prdts_nickname_format_string_vuln.nasl
2009-09-21 Name : Mandrake Security Advisory MDVSA-2009:234 (silc-toolkit)
File : nvt/mdksa_2009_234.nasl
2009-09-21 Name : Mandrake Security Advisory MDVSA-2009:234-1 (silc-toolkit)
File : nvt/mdksa_2009_234_1.nasl
2009-09-21 Name : Mandrake Security Advisory MDVSA-2009:235 (silc-toolkit)
File : nvt/mdksa_2009_235.nasl
2009-09-15 Name : Fedora Core 11 FEDORA-2009-9342 (libsilc)
File : nvt/fcore_2009_9342.nasl
2009-09-15 Name : Fedora Core 10 FEDORA-2009-9356 (libsilc)
File : nvt/fcore_2009_9356.nasl
2009-09-15 Name : FreeBSD Ports: silc-toolkit
File : nvt/freebsd_silc-toolkit.nasl
2009-09-09 Name : Debian Security Advisory DSA 1879-1 (silc-client/silc-toolkit)
File : nvt/deb_1879_1.nasl
2009-08-17 Name : FreeBSD Ports: silc-client, silc-irssi-client
File : nvt/freebsd_silc-client.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
58033 SILC Toolkit / Client lib/silcclient/command.c Multiple Function Format String

57831 SILC Server / Toolkit silchttpserver.c Format String Memory Corruption

57830 SILC Server / Toolkit silcasn1_encode.c Format String Memory Corruption

56761 SILC Client lib/silcclient/client_entries.c Format String

Nessus® Vulnerability Scanner

Date Description
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-235.nasl - Type : ACT_GATHER_INFO
2010-06-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-07.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1879.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_silc-toolkit-6479.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_silc-toolkit-090908.nasl - Type : ACT_GATHER_INFO
2009-09-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_silc-toolkit-090908.nasl - Type : ACT_GATHER_INFO
2009-09-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_silc-toolkit-090908.nasl - Type : ACT_GATHER_INFO
2009-09-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-234.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9342.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9356.nasl - Type : ACT_GATHER_INFO
2009-09-09 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_24aa99709ccd11deaf10000c29a67389.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4e306850811f11de8a67000c29a67389.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:28:48
  • Multiple Updates