Lucene search
Ubuntu.comUB:CVE-2008-7160HistorySep 10, 2009 - 12:00 a.m.
CVE-2008-7160
2009-09-1000:00:00
ubuntu.com
ubuntu.com
12
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS
0.021
Percentile
89.2%
The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the
internal HTTP server in silcd in Secure Internet Live Conferencing (SILC)
Toolkit before 1.1.9 allows remote attackers to overwrite a stack location
and possibly execute arbitrary code via a crafted Content-Length header,
related to incorrect use of a %lu format string.
Notes
| Author | Note |
|---|---|
| kees | -fstack-protector reduces this vulnerability to a DoS |
Related
cve
cve
CVE-2008-7160
2009-09-10 21:30:01
fedora
fedora
[SECURITY] Fedora 10 Update: libsilc-1.1.8-7.fc10
2009-09-10 03:42:49
[SECURITY] Fedora 11 Update: libsilc-1.1.8-7.fc11
2009-09-10 03:44:09
openvas
openvas
Fedora Core 10 FEDORA-2009-9356 (libsilc)
2009-09-15 00:00:00
Fedora Core 11 FEDORA-2009-9342 (libsilc)
2009-09-15 00:00:00
Fedora Core 10 FEDORA-2009-9356 (libsilc)
2009-09-15 00:00:00
prion
prion
Format string
2009-09-10 21:30:00
cvelist
cvelist
CVE-2008-7160
2009-09-10 21:00:00
nessus
nessus
Fedora 11 : libsilc-1.1.8-7.fc11 (2009-9342)
2009-09-10 00:00:00
Fedora 10 : libsilc-1.1.8-7.fc10 (2009-9356)
2009-09-10 00:00:00
openSUSE Security Update : silc-toolkit (silc-toolkit-1280)
2009-09-17 00:00:00
nvd
nvd
CVE-2008-7160
2009-09-10 21:30:01
securityvulns
securityvulns
debian
debian
osv
osv
silc-client silc-toolkit - arbitrary code execution
2009-09-04 00:00:00
gentoo
gentoo
SILC: Multiple vulnerabilities
2010-06-01 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS
0.021
Percentile
89.2%
Related for UB:CVE-2008-7160