Obviously we need to start looking into some proof-of-concept code, and i am no whitefag trying to get the world to update, but to all your priv8teerz that own your own VPS' and dedi hosts, here is the security focus link of the advisory and update information.
Basically it is a format string vulnerability in a sscanf() function call in the HTTP part of SILCd that could allow execution of arbitrary code. no need to update silc-server.. just silc-client and silc-toolkit.
http://security.debian.org/pool/updates/main/s/silc-toolkit/silc-toolkit
_1.1.7-2+lenny1.dsc
Size/MD5 checksum: 1430 eff8a733cf7e4db92296533394f42b22
http://security.debian.org/pool/updates/main/s/silc-toolkit/silc-toolkit
_1.1.7.orig.tar.gz
Size/MD5 checksum: 2678989 4f2fa6678f4801fd7087b4f92dada6ee
http://security.debian.org/pool/updates/main/s/silc-toolkit/silc-toolkit
_1.1.7-2+lenny1.diff.gz
Size/MD5 checksum: 16935 1e5d1151029379a7ba135799dc1cd166
http://security.debian.org/pool/updates/main/s/silc-client/silc-client_1
.1.4-1+lenny1.dsc
Size/MD5 checksum: 1380 29601c3569b30b5e3d3307689c9c25f8
http://security.debian.org/pool/updates/main/s/silc-client/silc-client_1
.1.4.orig.tar.gz
Size/MD5 checksum: 2202993 979d46c78ace2dade513f33ad0081e85
http://security.debian.org/pool/updates/main/s/silc-client/silc-client_1
.1.4-1+lenny1.diff.gz
Size/MD5 checksum: 11593 efa43890947e5ba7a34631c689abcb60
there is the source links, and the rest for different archs are on the security focus page.
-builder
Sunday, September 6, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment