CVE-2008-1552 - The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Confer

CVE-2008-1552

Summary

The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.

References

Vulnerable Configurations

cpe:2.3:a:silc:silc_client:*:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_client:*:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_server:*:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_server:*:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc:*:*:*:*:*:*:*:*
cpe:2.3:a:silc:silc:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 11-10-2018 - 20:35)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	28373
bugtraq	20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow
confirm	http://silcnet.org/general/news/?item=client_20080320_1 http://silcnet.org/general/news/?item=server_20080320_1 http://silcnet.org/general/news/?item=toolkit_20080320_1
fedora	FEDORA-2008-2616 FEDORA-2008-2641
gentoo	GLSA-200804-27
mandriva	MDVSA-2008:158
misc	http://www.coresecurity.com/?action=item&id=2206
sectrack	1019690
secunia	29463 29465 29622 29946
sreason	3795
suse	SUSE-SR:2008:008
vupen	ADV-2008-0974
xf	silc-silcpkcs1decode-bo(41474)

statements via4

contributor	Joshua Bressers
lastmodified	2008-04-23
organization	Red Hat
statement	Red Hat does not consider this issue to be a security flaw as SILC is not used in a vulnerable manner in Red Hat Enterprise Linux 4 and 5. More information can be found here: https://bugzilla.redhat.com/show_bug.cgi?id=440049

Last major update

11-10-2018 - 20:35

Published

31-03-2008 - 17:44

Last modified

11-10-2018 - 20:35