ID CVE-2008-1552
Summary The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
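The bug class the summary describes, worked through as an added example: an unsigned subtraction that wraps when a PKCS#1 block type 2 payload has no 0x00 separator, a signed comparison that then lets the wrapped length through, and the copy that would overflow. This is illustrative code written for this page, not SILC's silcpkcs1.c and not the Core Security advisory code; the block layout assumed (0x02 || PS || 0x00 || M, as delivered after RSA decryption), the two sample blocks, and the names vuln_compute, pkcs1_decode_vuln and pkcs1_decode_fixed are all constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Block type 2 (EME-PKCS1-v1_5): 0x02 || PS (>= 8 nonzero bytes) || 0x00 || M. */
#define PKCS1_BT_PUB 0x02

/* Constructed sample blocks (not captured SILC traffic). */
/* 0x02, 8-byte PS, 0x00 separator, 5-byte message "hello". */
static const unsigned char BENIGN[] = {
    0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x00,
    'h', 'e', 'l', 'l', 'o'
};
/* Same length, but the 0x00 separator never appears. */
static const unsigned char CRAFTED[] = {
    0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0xaa, 0xbb, 0xcc, 0xdd, 0xee
};

/* Length computation of a hypothetical vulnerable decoder (models the bug class,
 * not SILC's code). Returns 1 if its own checks would admit the copy and
 * reports the offset and length it would copy. */
int vuln_compute(const unsigned char *data, uint32_t data_len,
                 uint32_t out_size, uint32_t *msg_start, uint32_t *msg_len)
{
    int i;                                  /* signed index: the signedness error */
    if (!data || data_len < 11 || data[0] != PKCS1_BT_PUB)
        return 0;
    for (i = 1; i < (int)data_len && data[i] != 0x00; i++)
        ;
    /* Missing check: with no separator, i == data_len here. */
    *msg_start = (uint32_t)i + 1;
    *msg_len = data_len - (uint32_t)i - 1;  /* unsigned subtraction wraps to 0xFFFFFFFF */
    /* Bounds check done in signed arithmetic: 0xFFFFFFFF reads as -1 and passes. */
    if ((int)*msg_len > (int)out_size)
        return 0;
    return 1;
}

/* Vulnerable decoder: on CRAFTED the memcpy length is 0xFFFFFFFF and the copy
 * runs past both buffers, so main() only ever calls this on BENIGN. */
int pkcs1_decode_vuln(const unsigned char *data, uint32_t data_len,
                      unsigned char *out, uint32_t out_size, uint32_t *out_len)
{
    uint32_t start, len;
    if (!out || !out_len || !vuln_compute(data, data_len, out_size, &start, &len))
        return 0;
    memcpy(out, data + start, len);
    *out_len = len;
    return 1;
}

/* Hardened decoder: unsigned index, separator and padding-length checks before
 * any subtraction, and an unsigned comparison against the destination size. */
int pkcs1_decode_fixed(const unsigned char *data, uint32_t data_len,
                       unsigned char *out, uint32_t out_size, uint32_t *out_len)
{
    uint32_t i, msg_len;
    if (!data || !out || !out_len)
        return 0;
    if (data_len < 11 || data[0] != PKCS1_BT_PUB)  /* BT + 8 PS + 0x00 + 1 byte */
        return 0;
    for (i = 1; i < data_len && data[i] != 0x00; i++)
        ;
    if (i >= data_len)           /* no separator: reject before subtracting */
        return 0;
    if (i - 1 < 8)               /* PS shorter than 8 bytes */
        return 0;
    msg_len = data_len - i - 1;  /* i < data_len, so this cannot wrap */
    if (msg_len > out_size)      /* unsigned compare */
        return 0;
    memcpy(out, data + i + 1, msg_len);
    *out_len = msg_len;
    return 1;
}

/* Helpers that return each decoder's decision as a value. */
uint32_t vuln_len_for(const unsigned char *d, uint32_t n)
{
    uint32_t s, l;
    return vuln_compute(d, n, 64, &s, &l) ? l : 0;   /* 0 if its checks rejected */
}
int fixed_payload_len(const unsigned char *d, uint32_t n)
{
    unsigned char out[64];
    uint32_t l;
    return pkcs1_decode_fixed(d, n, out, sizeof out, &l) ? (int)l : -1;
}

int main(void)
{
    unsigned char out[64];
    uint32_t start = 0, len = 0, olen = 0;

    vuln_compute(CRAFTED, sizeof CRAFTED, sizeof out, &start, &len);
    printf("vulnerable decoder on crafted block: admits copy of %u bytes from offset %u\n",
           (unsigned)len, (unsigned)start);
    printf("fixed decoder on crafted block: %s\n",
           pkcs1_decode_fixed(CRAFTED, sizeof CRAFTED, out, sizeof out, &olen)
               ? "accepted" : "rejected");
    if (pkcs1_decode_vuln(BENIGN, sizeof BENIGN, out, sizeof out, &olen) &&
        pkcs1_decode_fixed(BENIGN, sizeof BENIGN, out, sizeof out, &olen))
        printf("both decoders on benign block: %u-byte payload \"%.*s\"\n",
               (unsigned)olen, (int)olen, (const char *)out);
    return 0;
}
```

On the crafted block the vulnerable path reports a copy of 4294967295 bytes from offset 16 (one past the end of a 15-byte input) and its bounds check does not stop it; the hardened decoder rejects the block before any subtraction happens. The fix above addresses the memory-safety defect only; a real PKCS#1 v1.5 decryption path additionally needs padding checks that do not leak via timing or distinguishable error paths, which is a separate concern from this CVE.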
Vulnerable Configurations
  • cpe:2.3:a:silc:silc_client:1.1.3
  • cpe:2.3:a:silc:silc_server:1.1.2
  • cpe:2.3:a:silc:silc_toolkit:1.1.6
  • Fedora 7 (cpe:2.3:o:redhat:fedora:7)
  • Fedora 8 (cpe:2.3:o:redhat:fedora:8)
  • cpe:2.3:a:silc:silc
CVSS
Base: 6.8 (as of 01-04-2008 - 09:34)
CWE: CWE-189
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200804-27.NASL
    description The remote host is affected by the vulnerability described in GLSA-200804-27 (SILC: Multiple vulnerabilities) Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow (CVE-2008-1227). A vulnerability has been reported in SILC Server which is caused due to an error in the handling of 'NEW_CLIENT' packets that do not contain a nickname (CVE-2008-1429). Ariel Waissbein, Pedro Varangot, Martin Mizrahi, Oren Isacson, Carlos Garcia, and Ivan Arce of Core Security Technologies reported that SILC Client, Server, and Toolkit contain a vulnerability in the silc_pkcs1_decode() function in the silccrypt library (silcpkcs1.c), resulting in an integer underflow, signedness error, and a buffer overflow (CVE-2008-1552). Impact : A remote attacker could exploit these vulnerabilities to cause a Denial of Service or execute arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 32073
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32073
    title GLSA-200804-27 : SILC: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-2641.NASL
    description This update fixes a buffer overflow in PKCS#1 message decoding. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 31669
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31669
    title Fedora 8 : libsilc-1.0.2-6.fc8 (2008-2641)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-2616.NASL
    description This update fixes a buffer overflow in PKCS#1 message decoding. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 31666
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31666
    title Fedora 7 : libsilc-1.0.2-6.fc7 (2008-2616)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_FF304C35FB5B11DC91C100E0815B8DA8.NASL
    description Core Security Technologies reports : A remote buffer overflow vulnerability found in a library used by both the SILC server and client to process packets containing cryptographic material may allow an unauthenticated client to execute arbitrary code on the server with the privileges of the user account running the server, or a malicious SILC server to compromise client systems and execute arbitrary code with the privileges of the user account running the SILC client program.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 31693
    published 2008-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31693
    title FreeBSD : silc -- pkcs_decode buffer overflow (ff304c35-fb5b-11dc-91c1-00e0815b8da8)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-158.NASL
    description A vulnerability was found in the SILC toolkit before version 1.1.5 that allowed a remote attacker to cause a denial of service (crash), or possibly execute arbitrary code via long input data (CVE-2008-1227). A vulnerability was found in the SILC toolkit before version 1.1.7 that allowed a remote attacker to execute arbitrary code via a crafted PKCS#1 message (CVE-2008-1552). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36632
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36632
    title Mandriva Linux Security Advisory : silc-toolkit (MDVSA-2008:158)
refmap via4
bid 28373
bugtraq 20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow
fedora
  • FEDORA-2008-2616
  • FEDORA-2008-2641
gentoo GLSA-200804-27
mandriva MDVSA-2008:158
misc http://www.coresecurity.com/?action=item&id=2206
sectrack 1019690
secunia
  • 29463
  • 29465
  • 29622
  • 29946
sreason 3795
suse SUSE-SR:2008:008
vupen ADV-2008-0974
xf silc-silcpkcs1decode-bo(41474)
statements via4
contributor Joshua Bressers
lastmodified 2008-04-23
organization Red Hat
statement Red Hat does not consider this issue to be a security flaw as SILC is not used in a vulnerable manner in Red Hat Enterprise Linux 4 and 5. More information can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=440049
Last major update 07-03-2011 - 22:07
Published 31-03-2008 - 13:44
Last modified 11-10-2018 - 16:35