[BUG SUB] silc-server 1.0.2 denial of service vulnerability - silc-server
Patrik Weiskircher
pat at icore.at
Tue Mar 6 20:53:30 CET 2007
--On 06. March 2007 13:10:49 +0100 Pekka Riikonen <priikone at iki.fi> wrote:
> On Tue, 6 Mar 2007, Frank Benkstein wrote:
>
> : Software: silc-server
> : Version: 1.0.2
> : Operating System: Linux
> : Installation: source
> : Severity: critical
> :
> : Description:
> :
> : The current version of silc-server makes it possible to crash a network's
> : SILC router (or standalone server), when a new channel is created. All
> : it takes is to specify an invalid hmac algorithm name and no cipher
> : algorithm name. This results in a null pointer dereference in
> : 'SILC_SERVER_CMD_FUNC(join)' at line 2444 in apps/silcd/command.c.
> :
> : Fix:
> :
> : I posted a fix to the Gentoo Bug tracker:
> : http://bugs.gentoo.org/attachment.cgi?id=112279&action=view
> :
> Pat, please apply the fix and release new SILC Server.
>
Yup, will do that tomorrow.
Patrik
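
The report above describes a join request with an unknown HMAC name and no cipher name reaching a null pointer dereference. The following is an added example of the defensive check for that class of bug; it is not silc-server code and not the Gentoo patch. All type, function and algorithm names are hypothetical, and the "missing name selects a default" policy is an assumption of the example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical algorithm tables; entries are constructed for this example. */
typedef struct { const char *name; size_t key_len; } cipher_t;
typedef struct { const char *name; size_t mac_len; } hmac_t;

static const cipher_t ciphers[] = { {"aes-256-cbc", 32}, {"aes-128-cbc", 16} };
static const hmac_t   hmacs[]   = { {"hmac-sha1-96", 12}, {"hmac-sha1", 20} };

/* Lookups return NULL for a NULL or unknown name; callers must check. */
static const cipher_t *cipher_find(const char *name) {
    if (!name) return NULL;
    for (size_t i = 0; i < sizeof ciphers / sizeof ciphers[0]; i++)
        if (strcmp(ciphers[i].name, name) == 0) return &ciphers[i];
    return NULL;
}

static const hmac_t *hmac_find(const char *name) {
    if (!name) return NULL;
    for (size_t i = 0; i < sizeof hmacs / sizeof hmacs[0]; i++)
        if (strcmp(hmacs[i].name, name) == 0) return &hmacs[i];
    return NULL;
}

enum join_status { JOIN_OK = 0, JOIN_BAD_CIPHER, JOIN_BAD_HMAC };
typedef struct { const cipher_t *cipher; const hmac_t *hmac; } channel_t;

/* Resolve the optional names carried by a join request. A missing name
 * selects the default (first table entry, assumed policy); a name that is
 * present but unknown rejects the request. *ch is written only when both
 * lookups succeeded, so no caller sees a half-initialised channel. */
enum join_status channel_create(const char *cipher_name,
                                const char *hmac_name, channel_t *ch) {
    const cipher_t *c = cipher_name ? cipher_find(cipher_name) : &ciphers[0];
    const hmac_t   *h = hmac_name   ? hmac_find(hmac_name)     : &hmacs[0];
    if (!c) return JOIN_BAD_CIPHER;
    if (!h) return JOIN_BAD_HMAC;
    ch->cipher = c;
    ch->hmac = h;
    return JOIN_OK;
}

int main(void) {
    channel_t ch = { NULL, NULL };
    /* The input shape from the report: no cipher name, unknown HMAC name. */
    return channel_create(NULL, "no-such-hmac", &ch) == JOIN_BAD_HMAC ? 0 : 1;
}
```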