Summary: | net-im/silc-server 1.0.2 denial of service vulnerability | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Frank Benkstein <benkstein> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | minor | CC: | net-irc | ||||||
Priority: | High | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | http://lists.silcnet.org/pipermail/silc-devel/2007-March/001873.html | ||||||||
Whiteboard: | B3 [glsa] | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Attachments: |
|
Description
Frank Benkstein
2007-03-06 11:47:05 UTC
Created attachment 112279 [details, diff]
silc-join-hmac.patch
silc_server_create_new_channel failing may mean a number of things. Before
the patch silcd just assumes that the cipher algorithm was not found (which
may not even be provided).
thanks for the report net-irc can you comment/confirm? tavis? Created attachment 112281 [details]
silc-join-hmac-v2.patch
The error described before may happen at multiple places. The previous patch
only fixed the issue for standalone servers and not for routers.
Yep, i was able to reproduce the bug. The patch fixes it. silc-server-1.0.2-r1 commited to the tree :) thanks Raúl arches, please test silc-server-1.0.2-r1 and mark stable if possible x86 stable. Btw, thanks Frank for the patch(forgot to say before) ppc stable FYI: silc-server 1.0.3 was just released, including this fix sparc stable. voting time /me votes yes yes++ GLSA 200703-12 thanks everyone |