Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-7160

The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009083...
MLIST: [oss-security] 2009090...
CONFIRM: http://silcnet.org/doc...
CONFIRM: http://silcnet.org/gen...
DEBIAN: DSA-1879
BID: 36194
SECUNIA: 36614
SECUNIA: 36625
SUSE: SUSE-SR:2009:016
MANDRIVA: MDVSA-2009:234

Launchpad.net

CVE 2008-7160

Related bugs

References