Secure Internet Live Conferencing (SILC) Can Be Crashed By Remote Users With a NEW_CLIENT Packet

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker Alert ID: 1019711

SecurityTracker URL: http://securitytracker.com/id/1019711

CVE Reference: CVE-2008-1429 (Links to External Site)

Date: Mar 26 2008

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): prior to 1.1.1

Description: A vulnerability was reported in Secure Internet Live Conferencing (SILC). A remote user can cause denial of service conditions.

A remote user can send a specially crafted NEW_CLIENT packet without a nickname to cause the target service to crash.

Impact: A remote user can cause the target service to crash.

Solution: The vendor has issued a fixed version (1.1.1).

The vendor's advisory is available at:

http://silcnet.org/docs/release/SILC%20Server%201.1.1

Vendor URL: www.silcnet.org/ (Links to External Site)

Cause: Exception handling error

Underlying OS: Linux (Any), UNIX (Any)

Message History: None.

Date: Wed, 26 Mar 2008 11:12:31 -0500
Subject: Secure Internet Live Conferencing (SILC) Server


CVE-2008-1429

http://silcnet.org/docs/release/SILC%20Server%201.1.1