Gentoo Logo

Hashcash: Possible heap overflow

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200606-25 / hashcash
Release Date June 26, 2006
Latest Revision July 29, 2006: 02
Impact high
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/hashcash < 1.21 >= 1.21 All supported architectures

Related bugreports: #134960

Synopsis

A heap overflow vulnerability in the Hashcash utility could allow an attacker to execute arbitrary code.

2.  Impact Information

Background

Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam.

Description

Andreas Seltenreich has reported a possible heap overflow in the array_push() function in hashcash.c, as a result of an incorrect amount of allocated memory for the "ARRAY" structure.

Impact

By sending malicious entries to the Hashcash utility, an attacker may be able to cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Hashcash users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.21"

4.  References

Print

Updated June 26, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Support OSL
Gentoo Centric Hosting: vr.org
Tek Alchemy
SevenL.net
Global Netoptex Inc.
Bytemark
Online Kredit Index
Copyright 2001-2009 Gentoo Foundation, Inc. Questions, Comments? Contact us.