[Full-disclosure] silc-server 1.0.2 denial-of-service vulnerability
Alexander Heidenreich
a.heidenreich at blacksec.de
Tue Mar 6 17:48:08 GMT 2007
Hi,
there is a bug in the current version of silc-server that makes it
possible to crash a networks SILC router or a standalone server, when a
new channel is created. All it takes is to specify an invalid hmac
algorithm name and no cipher algorithm name. This results in an null
pointer dereference in 'SILC_SERVER_CMD_FUNC(join)' at line 2444 in
apps/silcd/command.c.
To reproduce:
/connect yourserver
/join nonexistent -hmac nonexistent
The attached patch fixes the problem.
Best regards,
Frank Benkstein
--
GPG (Mail): 7093 7A43 CC40 463A 5564 599B 88F6 D625 BE63 866F
GPG (XMPP): 2243 DBBA F234 7C5A 6D71 3983 9F28 4D03 7110 6D51
-------------- next part --------------
A non-text attachment was scrubbed...
Name: silc-join-hmac.patch
Type: text/x-diff
Size: 2882 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070306/10bbcc7f/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.