CVE-2009-3051

Name	CVE-2009-3051
Description	Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References	DSA-1879-1

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
silc-client	source	lenny	1.1.4-1+lenny1		DSA-1879-1
silc-client	source	(unstable)	1.1-2	medium
silc-server	source	(unstable)	1.1.2-1	medium
silc-toolkit	source	lenny	1.1.7-2+lenny1		DSA-1879-1
silc-toolkit	source	(unstable)	1.1.10-1	medium

Notes

silc-client/silc-server use libsilc from silc-toolkit since 1.1-2