*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: silc
Quoting CVE-2008-1552:
'The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in
Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client
before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute
arbitrary code via a crafted PKCS#1 message, which triggers an integer
underflow, signedness error, and a buffer overflow. NOTE: the researcher
describes this as an integer overflow, but CVE uses the "underflow" term in
cases of wraparound from unsigned subtraction.'
** Affects: silc-client (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1552
--
[silc-toolkit] [CVE-2008-1552] possible arbitrary code execution
https://bugs.launchpad.net/bugs/215002