lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200703061848.08684.a.heidenreich@blacksec.de>
Date: Tue, 6 Mar 2007 18:48:08 +0100
From: Alexander Heidenreich <a.heidenreich@...cksec.de>
To: full-disclosure@...ts.grok.org.uk
Subject: silc-server 1.0.2 denial-of-service vulnerability

Hi,

there is a bug in the current version of silc-server that makes it
possible to crash a networks SILC router or a standalone server, when a
new channel is created. All it takes is to specify an invalid hmac
algorithm name and no cipher algorithm name. This results in an null
pointer dereference in 'SILC_SERVER_CMD_FUNC(join)' at line 2444 in
apps/silcd/command.c.

To reproduce:

/connect yourserver
/join nonexistent -hmac nonexistent

The attached patch fixes the problem.

Best regards,
Frank Benkstein

-- 
GPG (Mail): 7093 7A43 CC40 463A 5564  599B 88F6 D625 BE63 866F
GPG (XMPP): 2243 DBBA F234 7C5A 6D71  3983 9F28 4D03 7110 6D51


View attachment "silc-join-hmac.patch" of type "text/x-diff" (2882 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ