Bug 438382 - CVE-2008-1552 libsilc buffer overflow from PKCS#1 message decoding
Summary: CVE-2008-1552 libsilc buffer overflow from PKCS#1 message decoding
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: libsilc
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Stu Tomlinson
QA Contact: Fedora Extras Quality Assurance
URL: http://silcnet.org/docs/release/SILC%...
Whiteboard: source=redhat,reported=20080321,publi...
Depends On:
Blocks: CVE-2008-1552
Reported: 2008-03-20 17:43 UTC by Stu Tomlinson
Modified: 2008-04-08 20:04 UTC

Fixed In Version: libsilc-1.1.7-1.fc9
Clone Of:
Environment:
Last Closed: 2008-04-08 20:04:46 UTC
Type: ---
Embargoed:


Description Stu Tomlinson 2008-03-20 17:43:33 UTC
Description of problem:

SILC Toolkit contains a possible buffer overflow from PKCS#1 message decoding in
versions earlier than 1.1.7. A specially crafted digital signature can be used to
crash the program.

I plan to update to SILC Toolkit 1.1.7 in rawhide, and backport the patch to
1.0.2 in Fedora 7 & Fedora 8.

Comment 1 Lubomir Kundrak 2008-03-21 14:49:17 UTC
This is public, no need to mark it Security sensitive.
CVE name was requested.

Comment 2 Fedora Update System 2008-03-21 16:56:15 UTC
libsilc-1.0.2-6.fc7 has been submitted as an update for Fedora 7

Comment 3 Fedora Update System 2008-03-21 16:56:16 UTC
libsilc-1.0.2-6.fc8 has been submitted as an update for Fedora 8

Comment 4 Fedora Update System 2008-03-21 22:14:05 UTC
libsilc-1.0.2-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2008-03-21 22:17:34 UTC
libsilc-1.0.2-6.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Lubomir Kundrak 2008-03-24 10:16:09 UTC
This is just a crash, probably caught by FORTIFY_SOURCE. No arbitrary code
execution possible.

Comment 7 David Juran 2008-03-25 09:23:11 UTC
Somehow libsilc-1.0.2-6.fc8 doesn't seem to have made it into F8...

Comment 8 Lubomir Kundrak 2008-04-08 20:00:04 UTC
Final Freeze is in effect now. Security fixes almost certainly warrant a freeze
break, so in case you build a fix for this, mail release engineering as
described here: [2]

[1] https://www.redhat.com/archives/fedora-devel-announce/2008-April/msg00007.html
[2] http://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy

Thanks!

Comment 9 Stu Tomlinson 2008-04-08 20:04:46 UTC
The fix for this is in libsilc-1.1.7-1, which has been in rawhide for a while
now. The updates for Fedora 7 and Fedora 8 have already gone out too.
