CVE-2008-7159

Publication date 10 September 2009

Last updated 24 July 2024


Ubuntu priority

Description

The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string.


Status

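| Package | Ubuntu Release | Status |
|---|---|---|
| silc-client | 9.10 karmic | Not affected |
| silc-client | 9.04 jaunty | Not affected |
| silc-client | 8.10 intrepid | Not affected |
| silc-client | 8.04 LTS hardy | Not affected |
| silc-client | 6.06 LTS dapper | Not in release |
| silc-server | 9.10 karmic | Not affected |
| silc-server | 9.04 jaunty | Not affected |
| silc-server | 8.10 intrepid | Not affected |
| silc-server | 8.04 LTS hardy | Not affected |
| silc-server | 6.06 LTS dapper | Not in release |
| silc-toolkit | 9.10 karmic | Not affected |
| silc-toolkit | 9.04 jaunty | Ignored |
| silc-toolkit | 8.10 intrepid | Ignored |
| silc-toolkit | 8.04 LTS hardy | Ignored |
| silc-toolkit | 6.06 LTS dapper | Ignored end of life |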

Notes


kees

-fstack-protector stops this exploit, reducing it to a DoS

