[BUG SUB] silc-server 1.0.2 denial of service vulnerability - silc-server
Pekka Riikonen
priikone at iki.fi
Tue Mar 6 13:10:49 CET 2007
On Tue, 6 Mar 2007, Frank Benkstein wrote:
: Software: silc-server
: Version: 1.0.2
: Operating System: Linux
: Installation: source
: Severity: critical
:
: Description:
:
: The current version of silc-server makes it possible to crash a network's
: SILC router (or standalone server), when a new channel is created. All
: it takes is to specify an invalid hmac algorithm name and no cipher
: algorithm name. This results in a null pointer dereference in
: 'SILC_SERVER_CMD_FUNC(join)' at line 2444 in apps/silcd/command.c.
:
: Fix:
:
: I posted a fix to the Gentoo Bug tracker:
: http://bugs.gentoo.org/attachment.cgi?id=112279&action=view
:
Pat, please apply the fix and release a new SILC Server.
Pekka
________________________________________________________________________
Pekka Riikonen priikone at silcnet.org
Secure Internet Live Conferencing (SILC) http://silcnet.org/
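
The failure class described in the report above (an algorithm-name lookup whose failed result is used without a check) and the check that prevents it, as an added C example that is neither silc-server code nor the Gentoo patch. The tables, function names and status codes are hypothetical, and the algorithm names are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical algorithm tables with constructed sample names. */
struct alg { const char *name; size_t key_len; };
static const struct alg ciphers[] = { {"aes-256-cbc", 32}, {"aes-128-cbc", 16} };
static const struct alg hmacs[] = { {"hmac-sha1-96", 20}, {"hmac-sha1", 20} };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
#define DEFAULT_CIPHER "aes-256-cbc"
#define DEFAULT_HMAC "hmac-sha1-96"

struct channel { const struct alg *cipher; const struct alg *hmac; };
enum join_status { JOIN_OK, JOIN_ERR_UNKNOWN_ALGORITHM };

/* Returns NULL for an unregistered name; every caller must check for that. */
static const struct alg *find_alg(const struct alg *tab, size_t n, const char *name)
{
    for (size_t i = 0; name != NULL && i < n; i++)
        if (strcmp(tab[i].name, name) == 0)
            return &tab[i];
    return NULL;
}

/* Channel creation from client-supplied names. A missing name falls back to
 * the default; an unknown name is rejected before anything dereferences the
 * lookup result, and the channel is left untouched on failure. */
enum join_status channel_create(struct channel *ch, const char *cipher_name,
                                const char *hmac_name)
{
    const struct alg *c = find_alg(ciphers, COUNT(ciphers),
                                   cipher_name ? cipher_name : DEFAULT_CIPHER);
    const struct alg *h = find_alg(hmacs, COUNT(hmacs),
                                   hmac_name ? hmac_name : DEFAULT_HMAC);
    if (c == NULL || h == NULL)
        return JOIN_ERR_UNKNOWN_ALGORITHM; /* without this, c->key_len crashes */
    ch->cipher = c;
    ch->hmac = h;
    return JOIN_OK;
}

int main(void)
{
    struct channel ch = { NULL, NULL };
    /* The input shape from the report: no cipher name, invalid hmac name. */
    enum join_status st = channel_create(&ch, NULL, "no-such-hmac");
    printf("status=%d channel_initialised=%d\n", st, ch.cipher != NULL);
    return st == JOIN_ERR_UNKNOWN_ALGORITHM ? 0 : 1;
}
```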