|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-12] Hashcash: Format string vulnerability Vulnerability Scan
Vulnerability Scan Summary
Hashcash: Format string vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-12
(Hashcash: Format string vulnerability)
Tavis Ormandy of the Gentoo Linux Security Audit Team identified a
flaw in the Hashcash utility that a possible hacker could expose by
specifying a malformed reply address.
Impact
Successful exploitation would permit a possible hacker to disrupt
Hashcash users, and potentially execute arbitrary code.
Workaround
There is no known workaround at this time.
Solution:
All Hashcash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.16-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
