CVE-2008-7160

Publication date 10 September 2009

Last updated 24 July 2024


Ubuntu priority

Description

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.


Status

Package        Ubuntu Release     Status
silc-client    9.10 karmic        Not affected
silc-client    9.04 jaunty        Not affected
silc-client    8.10 intrepid      Not affected
silc-client    8.04 LTS hardy     Not affected
silc-client    6.06 LTS dapper    Not in release
silc-server    9.10 karmic        Not affected
silc-server    9.04 jaunty        Not affected
silc-server    8.10 intrepid      Not affected
silc-server    8.04 LTS hardy     Not affected
silc-server    6.06 LTS dapper    Not in release
silc-toolkit   9.10 karmic        Not affected
silc-toolkit   9.04 jaunty        Ignored
silc-toolkit   8.10 intrepid      Ignored
silc-toolkit   8.04 LTS hardy     Ignored
silc-toolkit   6.06 LTS dapper    Ignored end of life

Notes


kees

-fstack-protector reduces this vulnerability to a DoS

