Executive Summary

Informations
Name MDVSA-2009:234-2 First vendor Publication 2009-12-05
Vendor Mandriva Last vendor Modification 2009-12-05
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities was discovered and corrected in silc-toolkit:

Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions (CVE-2009-3051).

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string (CVE-2008-7159).

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string (CVE-2008-7160).

Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users (CVE-2009-3163).

This update provides a solution to these vulnerabilities.

Update:

Packages for MES5 was not provided previousely, this update addresses this problem.

Packages for 2008.0 are being provided due to extended support for Corporate products.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:234-2

CWE : Common Weakness Enumeration

idName
CWE-134Uncontrolled Format String

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7974
 
Oval ID: oval:org.mitre.oval:def:7974
Title: DSA-1879 silc-client/silc-toolkit -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. The Common Vulnerabilities and Exposures project identifies the following problems: An incorrect format string in sscanf() used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases. Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings. CVE-2008-7160 An incorrect format string in a sscanf() call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases. silc-server doesn't need an update as it uses the shared library provided by silc-toolkit. silc-client/silc-toolkit in the oldstable distribution (etch) is not affected by this problem.
Family: unix Class: patch
Reference(s): DSA-1879
CVE-2008-7159
CVE-2008-7160
CVE-2009-3051
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): silc-client/silc-toolkit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13606
 
Oval ID: oval:org.mitre.oval:def:13606
Title: DSA-1879-1 silc-client/silc-toolkit -- several
Description: Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. The Common Vulnerabilities and Exposures project identifies the following problems: An incorrect format string in sscanf used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases. Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings. An incorrect format string in a sscanf call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases. Silc-server doesn’t need an update as it uses the shared library provided by silc-toolkit. Silc-client/silc-toolkit in the oldstable distribution is not affected by this problem. For the stable distribution, this problem has been fixed in version 1.1.7-2+lenny1 of silc-toolkit and in version 1.1.4-1+lenny1 of silc-client. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.1.10-1 of silc-toolkit and version 1.1-2 of silc-client. We recommend that you upgrade your silc-toolkit/silc-client packages.
Family: unix Class: patch
Reference(s): DSA-1879-1
CVE-2008-7159
CVE-2008-7160
CVE-2009-3051
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): silc-client/silc-toolkit
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application7
Application9

OpenVAS Exploits

DateDescription
2011-03-09Name : Gentoo Security Advisory GLSA 201006-07 (silc-toolkit silc-client)
File : nvt/glsa_201006_07.nasl
2009-12-10Name : Mandriva Security Advisory MDVSA-2009:234-2 (silc-toolkit)
File : nvt/mdksa_2009_234_2.nasl
2009-10-19Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-09-29Name : SILC Client Channel Name Format String Vulnerability
File : nvt/secpod_silc_prdts_channelname_format_string_vuln.nasl
2009-09-29Name : SILC Client Nickname Field Format String Vulnerability
File : nvt/secpod_silc_prdts_nickname_format_string_vuln.nasl
2009-09-21Name : Mandrake Security Advisory MDVSA-2009:234 (silc-toolkit)
File : nvt/mdksa_2009_234.nasl
2009-09-21Name : Mandrake Security Advisory MDVSA-2009:234-1 (silc-toolkit)
File : nvt/mdksa_2009_234_1.nasl
2009-09-21Name : Mandrake Security Advisory MDVSA-2009:235 (silc-toolkit)
File : nvt/mdksa_2009_235.nasl
2009-09-15Name : Fedora Core 11 FEDORA-2009-9342 (libsilc)
File : nvt/fcore_2009_9342.nasl
2009-09-15Name : Fedora Core 10 FEDORA-2009-9356 (libsilc)
File : nvt/fcore_2009_9356.nasl
2009-09-15Name : FreeBSD Ports: silc-toolkit
File : nvt/freebsd_silc-toolkit.nasl
2009-09-09Name : Debian Security Advisory DSA 1879-1 (silc-client/silc-toolkit)
File : nvt/deb_1879_1.nasl
2009-08-17Name : FreeBSD Ports: silc-client, silc-irssi-client
File : nvt/freebsd_silc-client.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
58033SILC Toolkit / Client lib/silcclient/command.c Multiple Function Format String
57831SILC Server / Toolkit silchttpserver.c Format String Memory Corruption
57830SILC Server / Toolkit silcasn1_encode.c Format String Memory Corruption
56761SILC Client lib/silcclient/client_entries.c Format String

Nessus® Vulnerability Scanner

DateDescription
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-235.nasl - Type : ACT_GATHER_INFO
2010-06-02Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-07.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1879.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote openSUSE host is missing a security update.
File : suse_silc-toolkit-6479.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing a security update.
File : suse_11_silc-toolkit-090908.nasl - Type : ACT_GATHER_INFO
2009-09-17Name : The remote openSUSE host is missing a security update.
File : suse_11_1_silc-toolkit-090908.nasl - Type : ACT_GATHER_INFO
2009-09-17Name : The remote openSUSE host is missing a security update.
File : suse_11_0_silc-toolkit-090908.nasl - Type : ACT_GATHER_INFO
2009-09-16Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-234.nasl - Type : ACT_GATHER_INFO
2009-09-10Name : The remote Fedora host is missing a security update.
File : fedora_2009-9342.nasl - Type : ACT_GATHER_INFO
2009-09-10Name : The remote Fedora host is missing a security update.
File : fedora_2009-9356.nasl - Type : ACT_GATHER_INFO
2009-09-09Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_24aa99709ccd11deaf10000c29a67389.nasl - Type : ACT_GATHER_INFO
2009-08-05Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4e306850811f11de8a67000c29a67389.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:40:43
  • Multiple Updates