Debian Security Advisory 1879 silc-client/silc-toolkit – several vulnerabilities

26
Article Source Debian Security Advisories
September 3, 2009, 5:00 pm

Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2008-7159

    An incorrect format string in sscanf() used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases…