FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

hashcash -- format string vulnerability

Affected packages
hashcash < 1.17

Details

VuXML ID 5ebfe901-a3cb-11d9-b248-000854d03344
Discovery 2005-03-06
Entry 2005-04-02
Modified 2005-04-03

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address.

Successful exploitation would permit an attacker to disrupt Hashcash users, and potentially execute arbitrary code.

[source]

References

CVE Name CVE-2005-0687
URL http://www.gentoo.org/security/en/glsa/glsa-200503-12.xml

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.