List Info

Thread: silc-server 1.0.2 denial of service vulnerability - silc-server
silc-server 1.0.2 denial of service vulnerability - silc-server
country flaguser name
Slovakia		 2007-03-06 05:52:51 
Software: silc-server
Version: 1.0.2
Operating System: Linux
Installation: source
Severity: critical

Description:

The current version of silc-server makes it possible
to crash a networks SILC router (or standalone server), when
a new channel is created. All it takes
is to specify an invalid hmac algorithm name and no cipher
algorithm name.
This results in an null pointer dereference in
'SILC_SERVER_CMD_FUNC(join)' at
line 2444 in apps/silcd/command.c.


How to repeat:

/connect yourserver
/join nonexistent -hmac nonexistent


Remote Environment:

unspecified


Fix:

I posted a fix to the Gentoo Bug tracker:
http://bugs.gentoo.org/attachment.cgi?id=112279&a
mp;action=view
____________________________________________________________
___________
Info:    https://lists.silcnet.org/mailman/listinfo/silc-announce

Archive: htt
ps://lists.silcnet.org/pipermail/silc-announce
FAQ:     http://silcnet.org/su
pport/faq/
Re: silc-server 1.0.2 denial of service vulnerability - silc-server
country flaguser name
Slovakia		 2007-03-06 06:10:49 
On Tue, 6 Mar 2007, Frank Benkstein wrote:

: Software: silc-server
: Version: 1.0.2
: Operating System: Linux
: Installation: source
: Severity: critical
: 
: Description:
: 
: The current version of silc-server makes it possible to
crash a networks 
: SILC router (or standalone server), when a new channel is
created. All 
: it takes is to specify an invalid hmac algorithm name and
no cipher 
: algorithm name. This results in an null pointer
dereference in 
: 'SILC_SERVER_CMD_FUNC(join)' at line 2444 in
apps/silcd/command.c.
: 
: Fix:
: 
: I posted a fix to the Gentoo Bug tracker:
: http://bugs.gentoo.org/attachment.cgi?id=112279&a
mp;action=view
:
Pat, please apply the fix and release new SILC Server.

	Pekka
____________________________________________________________
____________
 Pekka Riikonen                                 priikone at
silcnet.org
 Secure Internet Live Conferencing (SILC)       http://silcnet.org/
____________________________________________________________
___________
Info:    https://lists.silcnet.org/mailman/listinfo/silc-announce

Archive: htt
ps://lists.silcnet.org/pipermail/silc-announce
FAQ:     http://silcnet.org/su
pport/faq/
Re: silc-server 1.0.2 denial of service vulnerability - silc-server
country flaguser name
Austria		 2007-03-06 13:53:30 

--On 06. März 2007 13:10:49 +0100 Pekka Riikonen
<priikoneiki.fi> wrote:

> On Tue, 6 Mar 2007, Frank Benkstein wrote:
>
> : Software: silc-server
> : Version: 1.0.2
> : Operating System: Linux
> : Installation: source
> : Severity: critical
> :
> : Description:
> :
> : The current version of silc-server makes it possible
to crash a
> networks  : SILC router (or standalone server), when a
new channel is
> created. All  : it takes is to specify an invalid hmac
algorithm name and
> no cipher  : algorithm name. This results in an null
pointer dereference
> in  : 'SILC_SERVER_CMD_FUNC(join)' at line 2444 in
apps/silcd/command.c.
> :
> : Fix:
> :
> : I posted a fix to the Gentoo Bug tracker:
> : http://bugs.gentoo.org/attachment.cgi?id=112279&a
mp;action=view
> :
> Pat, please apply the fix and release new SILC Server.
>

Yup, will do that tomorrow.

Patrik
____________________________________________________________
___________
Info:    https://lists.silcnet.org/mailman/listinfo/silc-announce

Archive: htt
ps://lists.silcnet.org/pipermail/silc-announce
FAQ:     http://silcnet.org/su
pport/faq/
Re: silc-server 1.0.2 denial of service vulnerability - silc-server
user name
 2007-03-06 22:23:01 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patrik Weiskircher <paticore.at> writes:

> --On 06. März 2007 13:10:49 +0100 Pekka Riikonen
<priikoneiki.fi> wrote:
>
>> Pat, please apply the fix and release new SILC
Server.
>>
>
> Yup, will do that tomorrow.

Thanks for such a quick turnaround on a nasty problem,
folks.  This is
what a good security response should be.

i've also posted an updated version of the debian package to
the
normal place i've been serving my unofficial .debs:

  http://l
air.fifthhorseman.net/~dkg/src/silc/

the sha1sums for those files should be:

b6862388569e5a6d6ff08ff84d410421ff5f7fce 
silc-server_1.0.3-1.diff.gz
5a327d43c85b24a9afd39f8242f1d3e5ea1cdc1c 
silc-server_1.0.3-1.dsc
3da59f06451a9c088bbe9398aaf75b96e8897078 
silc-server_1.0.3-1_i386.build
12c1767b7ab2b690019d62d2377e4f28364a2947 
silc-server_1.0.3-1_i386.changes
70a984517ab3dd159ae9abe5c6881d3dbea90046 
silc-server_1.0.3-1_i386.deb
e055c69b8e0ecc7640de821a86438e4c1c1739d6 
silc-server_1.0.3.orig.tar.gz

I continue to be uneasy about the debian packaging for
silc-server,
but don't have the time to really overhaul it properly, so
i'm just
pushing along the old changset and making little tweaks when
suggested
by lintian or linda.

Let me know if there are any questions,

            --dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcryp
t.sourceforge.net/>

iD8DBQFF7j3liXTlFKVLY2URAsgyAJ0TRhV022nKOaGPgr2v9bP7jIOPQwCg
s8b+
YV5ukuMAILc3LSw98CudJZE=
=1xAJ
-----END PGP SIGNATURE-----
____________________________________________________________
___________
Info:    https://lists.silcnet.org/mailman/listinfo/silc-announce

Archive: htt
ps://lists.silcnet.org/pipermail/silc-announce
FAQ:     http://silcnet.org/su
pport/faq/
Re: silc-server 1.0.2 denial of service vulnerability - silc-server
user name
 2007-03-07 13:20:27 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Kahn Gillmor <dkg-silcfifthhorseman.net>
writes:

> i've also posted an updated version of the debian
package to the
> normal place i've been serving my unofficial .debs:
>
>   http://l
air.fifthhorseman.net/~dkg/src/silc/

i've built backported packages for debian sarge as well now,
available
from the same place.  The sha1sums for the sarge packages
should be:

faafd9208f9662f09ba42ca548e2acf67e7b6c5f 
silc-server_1.0.3-1~sarge_dkg1.diff.gz
73f573bc44f1b726cc0a9fe41280a7118d33baf6 
silc-server_1.0.3-1~sarge_dkg1.dsc
324f37ab6a96b5a660fc8539bdd47af0f3d34f52 
silc-server_1.0.3-1~sarge_dkg1_i386.build
e885372df1520a099e27cedf0a90a3ee01620d0b 
silc-server_1.0.3-1~sarge_dkg1_i386.changes
25ac481d385bd298fbae0b8d9e754ee8f7e9aa40 
silc-server_1.0.3-1~sarge_dkg1_i386.deb

NOTE: i have tried (and am using) the debian etch packages. 
I have
*not* tested the sarge packages at all, aside from building
them.

I'm always happy to hear feedback from folks who use the
packages,
whether you have problems with them or not.

Regards,

        --dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcryp
t.sourceforge.net/>

iD4DBQFF7xBViXTlFKVLY2URAiR/AJd27+w/PJhl4uWw2Q6ceHJkpkNCAJ42
rIsN
bxpjG4E5em2Eyg3/ckbdMw==
=M4sT
-----END PGP SIGNATURE-----
____________________________________________________________
___________
Info:    https://lists.silcnet.org/mailman/listinfo/silc-announce

Archive: htt
ps://lists.silcnet.org/pipermail/silc-announce
FAQ:     http://silcnet.org/su
pport/faq/
[1-5]

about | contact  Other archives ( Real Estate discussion Medical topics )