Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201006-07
HistoryJun 01, 2010 - 12:00 a.m.

SILC: Multiple vulnerabilities

2010-06-0100:00:00
Gentoo Foundation
security.gentoo.org
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.115 Low

EPSS

Percentile

95.2%

JSON

Background

SILC (Secure Internet Live Conferencing protocol) Toolkit is a software development kit for use in clients, and SILC Client is an IRSSI-based text client.

Description

Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client. For further information please consult the CVE entries referenced below.

Impact

A remote attacker could overwrite stack locations and possibly execute arbitrary code via a crafted OID value, Content-Length header or format string specifiers in a nickname field or channel name.

Workaround

There is no known workaround at this time.

Resolution

All SILC Toolkit users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-im/silc-toolkit-1.1.10"

All SILC Client users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-im/silc-client-1.1.8"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-im/silc-toolkit< 1.1.10UNKNOWN
Gentooanyallnet-im/silc-client< 1.1.8UNKNOWN

Related

osv 1
openvas 26
nessus 12
debian 2
securityvulns 2
prion 4
ubuntucve 4
cve 4
fedora 2
freebsd 2
osv
osv
silc-client silc-toolkit - arbitrary code execution
2009-09-04 00:00:00
openvas
openvas
Mandriva Security Advisory MDVSA-2009:234-2 (silc-toolkit)
2009-12-10 00:00:00
Gentoo Security Advisory GLSA 201006-07 (silc-toolkit silc-client)
2011-03-09 00:00:00
Gentoo Security Advisory GLSA 201006-07 (silc-toolkit silc-client)
2011-03-09 00:00:00
nessus
nessus
Debian DSA-1879-1 : silc-client/silc-toolkit - several vulnerabilities
2010-02-24 00:00:00
GLSA-201006-07 : SILC: Multiple vulnerabilities
2010-06-02 00:00:00
Mandriva Linux Security Advisory : silc-toolkit (MDVSA-2009:234-2)
2009-09-16 00:00:00
debian
debian
[SECURITY] [DSA 1879-1] New silc-client/silc-toolkit packages fix arbitrary code execution
2009-09-04 15:18:33
[Backports-security-announce] Security update for silc-client/silc-toolkit
2009-09-20 13:08:11
securityvulns
securityvulns
[SECURITY] [DSA 1879-1] New silc-client/silc-toolkit packages fix arbitrary code execution
2009-09-04 00:00:00
silc format string vulnerability
2009-09-04 00:00:00
prion
prion
Format string
2009-09-10 21:30:00
Format string
2009-09-10 21:30:00
Format string
2009-09-10 18:30:00
ubuntucve
ubuntucve
CVE-2008-7159
2009-09-10 00:00:00
CVE-2008-7160
2009-09-10 00:00:00
CVE-2009-3051
2009-09-10 00:00:00
cve
cve
CVE-2009-3163
2009-09-10 21:30:00
CVE-2008-7160
2009-09-10 21:30:00
CVE-2008-7159
2009-09-10 21:30:00
fedora
fedora
[SECURITY] Fedora 11 Update: libsilc-1.1.8-7.fc11
2009-09-10 03:44:09
[SECURITY] Fedora 10 Update: libsilc-1.1.8-7.fc10
2009-09-10 03:42:49
freebsd
freebsd
silc-toolkit -- Format string vulnerabilities
2009-08-07 00:00:00
silc-client -- Format string vulnerability
2009-07-31 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.115 Low

EPSS

Percentile

95.2%

JSON
Related for GLSA-201006-07
osv1openvas26nessus12debian2securityvulns2prion4ubuntucve4cve4fedora2freebsd2