Lucene search
Ubuntu.comUB:CVE-2008-7159HistorySep 10, 2009 - 12:00 a.m.
CVE-2008-7159
2009-09-1000:00:00
ubuntu.com
ubuntu.com
5
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.021 Low
EPSS
Percentile
89.1%
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure
Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote
attackers to overwrite a stack location and possibly execute arbitrary code
via a crafted OID value, related to incorrect use of a %lu format string.
Notes
| Author | Note |
|---|---|
| kees | -fstack-protector stops this exploit, reducing it to a DoS |
Related
prion
prion
Format string
2009-09-10 21:30:00
cvelist
cvelist
CVE-2008-7159
2009-09-10 21:00:00
cve
cve
CVE-2008-7159
2009-09-10 21:30:00
nessus
nessus
openSUSE Security Update : silc-toolkit (silc-toolkit-1280)
2009-09-17 00:00:00
SuSE 11 Security Update : silc-toolkit (SAT Patch Number 1282)
2009-09-24 00:00:00
openSUSE 10 Security Update : silc-toolkit (silc-toolkit-6479)
2009-10-06 00:00:00
openvas
openvas
Debian Security Advisory DSA 1879-1 (silc-client/silc-toolkit)
2009-09-09 00:00:00
Mandrake Security Advisory MDVSA-2009:234 (silc-toolkit)
2009-09-21 00:00:00
Debian: Security Advisory (DSA-1879-1)
2009-09-09 00:00:00
debian
debian
securityvulns
securityvulns
gentoo
gentoo
SILC: Multiple vulnerabilities
2010-06-01 00:00:00
osv
osv
silc-client silc-toolkit - arbitrary code execution
2009-09-04 00:00:00
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.021 Low
EPSS
Percentile
89.1%
Related for UB:CVE-2008-7159