|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alexander Heidenreich (a.heidenreich
blacksec.de)
Date: Tue Mar 06 2007 - 11:48:08 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
there is a bug in the current version of silc-server that makes it
possible to crash a networks SILC router or a standalone server, when a
new channel is created. All it takes is to specify an invalid hmac
algorithm name and no cipher algorithm name. This results in an null
pointer dereference in 'SILC_SERVER_CMD_FUNC(join)' at line 2444 in
apps/silcd/command.c.
To reproduce:
/connect yourserver
/join nonexistent -hmac nonexistent
The attached patch fixes the problem.
Best regards,
Frank Benkstein
--
GPG (Mail): 7093 7A43 CC40 463A 5564 599B 88F6 D625 BE63 866F
GPG (XMPP): 2243 DBBA F234 7C5A 6D71 3983 9F28 4D03 7110 6D51
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- text/x-diff attachment: silc-join-hmac.patch
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]