Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-7160

Published: 10 September 2009

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.

Notes

AuthorNote
kees
-fstack-protector reduces this vulnerability to a DoS

Priority

Medium

Status

Package Release Status
silc-client
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

upstream Needs triage

silc-server
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

upstream Needs triage

silc-toolkit
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy Ignored

intrepid Ignored

jaunty Ignored

karmic Not vulnerable

upstream
Released (1.1.9)