SILC Client Nickname Field Format String Vulnerability Network Vulnerability

Summary

This host has SILC Client/Toolkit installed, and is prone to Format String vulnerability.

Impact

Attackers can exploit this iisue to execute arbitrary code in the context of the affected application and compromise the system. Impact Level: Application/System

Solution

Apply the patch or upgrade to SILC Client 1.1.8. http://silcnet.org/ http://www.securityfocus.com/bid/35940/solution ***** NOTE: Please ignore this warning if the patch is already applied. *****

Insight

A format string error occurs in 'lib/silcclient/client_entry.c' while processing format string specifiers in the nickname field.

Affected

SILC Client prior to 1.1.8 SILC Toolkit prior to 1.1.10.

References

http://secunia.com/advisories/36134
http://www.openwall.com/lists/oss-security/2009/09/03/5
http://www.vupen.com/english/advisories/2009/2150

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3051
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Acrobat Unspecified vulnerability
Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)

Take action and discover your vulnerabilities