FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

silc -- pkcs_decode buffer overflow

Affected packages
silc-client < 1.1.4
silc-irssi-client < 1.1.4
silc-server < 1.1.2

Details

VuXML ID ff304c35-fb5b-11dc-91c1-00e0815b8da8
Discovery 2008-03-25
Entry 2008-03-26

Core Security Technologies reports:

A remote buffer overflow vulnerability found in a library used by both the SILC server and client to process packets containing cryptographic material may allow an un-authenticated client to execute arbitrary code on the server with the privileges of the user account running the server, or a malicious SILC server to compromise client systems and execute arbitrary code with the privileges of the user account running the SILC client program.

References

Bugtraq ID 28373
URL http://www.coresecurity.com/?action=item&id=2206