[Bug 202752] Re: [CVE-2008-1227] Stack-based buffer overflow causes DoS

2017-10-27 Thread Bug Watch Updater
Launchpad has imported 13 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=372021.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2007-11-09T01:51:23+00:00 Nathan wrote:

Description of problem:
pidgin crashes on login to a silc account. I tried setting it up fresh, and from
old setup. Both caused the crash.

Version-Release number of selected component (if applicable):
pidgin-2.2.2-1.fc8.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1. Install pidgin
2. Run pidgin
3. Setup silc account
  
Actual results:
Crash

Expected results:
Runs normally

Additional info:
If run from a terminal window it mentions a buffer overflow.

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/0


On 2007-11-26T21:40:18+00:00 luca wrote:

I can confirm this odd behavior that happens just with silc accounts.
A workaround for this problem is to downgrade to libsilc-1.0.2-2.fc6, the one
installed by default under fedora 7. 
This suggest to me that the problem could be in libsilc itself but I didn't
investigate deeper.


Reply at: 
https://bugs.launchpad.net/ubuntu/+source/silc-toolkit/+bug/202752/comments/1


On 2008-01-04T03:04:16+00:00 Stu wrote:

I think we'll need a backtrace with both pidgin-debuginfo and libsilc-debuginfo
installed to be able to get anywhere with this.

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/2


On 2008-01-06T15:07:58+00:00 luca wrote:

Created attachment 290915
Backtrace with debuginfo

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/3


On 2008-01-06T18:13:35+00:00 Stu wrote:

This appears to be a libsilc problem, could you please try this libsilc package
to see if the crash is fixed, and if you are now able to log in to silc?
http://koji.fedoraproject.org/scratch/nosnilmot/task_328484/

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/4


On 2008-01-06T21:56:19+00:00 luca wrote:

This seems to solve the problem for me. Now I can log in to silc without
crashing pidgin anymore.

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/5


On 2008-01-26T15:42:54+00:00 Fedora wrote:

libsilc-1.0.2-5.fc7 has been submitted as an update for Fedora 7

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/6


On 2008-01-26T15:42:57+00:00 Fedora wrote:

libsilc-1.0.2-5.fc8 has been submitted as an update for Fedora 8

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/7


On 2008-01-27T07:14:10+00:00 Fedora wrote:

libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 testing repository.  If 
problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update libsilc'.  You can provide 
feedback for this update here: 
http://admin.fedoraproject.org/F8/FEDORA-2008-1041

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/8


On 2008-02-28T21:35:52+00:00 Fedora wrote:

libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 stable repository.
If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/9


On 2008-02-28T21:46:11+00:00 Fedora wrote:

libsilc-1.0.2-5.fc7 has been pushed to the Fedora 7 stable repository.
If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/10


On 2008-03-11T21:01:54+00:00 Lubomir wrote:

I'm not convinced the contents of the buffer are in attacker's control; did
anyone conduct some investigation?

Reply at: https://bugs.launchpad.net/ubuntu/+source/silc-
toolkit/+bug/202752/comments/11


[Bug 202752] Re: [CVE-2008-1227] Stack-based buffer overflow causes DoS

2008-03-17 Thread Launchpad Bug Tracker
This bug was fixed in the package silc-toolkit - 1.1.5-1ubuntu1

---
silc-toolkit (1.1.5-1ubuntu1) hardy; urgency=low

  * SECURITY UPDATE: arbitrary code execution and denial of service via buffer
overflow.
- lib/silcutil/silcutil.c: Check the length of the fingerprint. Patch from
  upstream. (LP: #202752)
- References:
  + CVE-2008-1227
  * Modify Maintainer value to match the DebianMaintainerField
specification.

 -- William Grant [EMAIL PROTECTED]   Sun, 16 Mar 2008
17:11:05 +1100

** Changed in: silc-toolkit (Ubuntu)
   Status: Fix Committed = Fix Released

-- 
[CVE-2008-1227] Stack-based buffer overflow causes DoS
https://bugs.launchpad.net/bugs/202752
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 202752] Re: [CVE-2008-1227] Stack-based buffer overflow causes DoS

2008-03-16 Thread William Grant

** Attachment added: upstream patch
   http://launchpadlibrarian.net/12692673/CVE-2008-1227.patch

-- 
[CVE-2008-1227] Stack-based buffer overflow causes DoS
https://bugs.launchpad.net/bugs/202752
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 202752] Re: [CVE-2008-1227] Stack-based buffer overflow causes DoS

2008-03-16 Thread William Grant
I've uploaded a Hardy fix, and the same patch is easily applied to all
previous releases. However, a comment in the Fedora bug indicates that
downgrading fixed the crash, which probably means the vulnerability is
mitigated by something else in previous releases (except perhaps Gutsy).
There's also no known exploit, so we can't test it. I'm not confident to
push it out to stable releases.

** Changed in: silc-toolkit (Ubuntu)
 Assignee: (unassigned) = William Grant (fujitsu)
   Status: Confirmed = Fix Committed

-- 
[CVE-2008-1227] Stack-based buffer overflow causes DoS
https://bugs.launchpad.net/bugs/202752
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 202752] Re: [CVE-2008-1227] Stack-based buffer overflow causes DoS

2008-03-16 Thread Bug Watch Updater
** Changed in: silc-toolkit (Fedora)
   Status: Unknown = Fix Released

-- 
[CVE-2008-1227] Stack-based buffer overflow causes DoS
https://bugs.launchpad.net/bugs/202752
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs