~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2009-3163
PublicDate: 2009-09-10
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3163
Description:
 Multiple format string vulnerabilities in lib/silcclient/command.c in
 Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC
 Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code
 via format string specifiers in a channel name, related to (1)
 silc_client_command_topic, (2) silc_client_command_kick, (3)
 silc_client_command_leave, and (4) silc_client_command_users.
Ubuntu-Description:
Notes:
 kees> Fortify-Source reduces this vulnerability to a DoS
Bugs:
Priority: medium
Discovered-by:
Assigned-to:

Patches_silc-server:
upstream_silc-server: needs-triage
dapper_silc-server: DNE
hardy_silc-server: not-affected
intrepid_silc-server: not-affected
jaunty_silc-server: not-affected
karmic_silc-server: not-affected
devel_silc-server: not-affected

Patches_silc-client:
upstream_silc-client: needs-triage
dapper_silc-client: DNE
hardy_silc-client: not-affected
intrepid_silc-client: not-affected
jaunty_silc-client: not-affected
karmic_silc-client: not-affected
devel_silc-client: not-affected

Patches_silc-toolkit:
upstream_silc-toolkit: released (1.1.10)
dapper_silc-toolkit: ignored (reached end-of-life)
hardy_silc-toolkit: ignored
intrepid_silc-toolkit: ignored
jaunty_silc-toolkit: ignored
karmic_silc-toolkit: not-affected (1.1.10-2)
devel_silc-toolkit: not-affected (1.1.10-2)