|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-25] Hashcash: Possible heap overflow Vulnerability Scan
Vulnerability Scan Summary Hashcash: Possible heap overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-25
(Hashcash: Possible heap overflow)
Andreas Seltenreich has reported a possible heap overflow in the
array_push() function in hashcash.c, as a result of an incorrect amount
of allocated memory for the "ARRAY" structure.
Impact
By sending malicious entries to the Hashcash utility, a possible hacker may
be able to cause an overflow, potentially resulting in the execution of
arbitrary code with the rights of the user running the application.
Workaround
There is no known workaround at this time.
References:
http://www.hashcash.org/source/CHANGELOG
Solution:
All Hashcash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.21"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|