Hashcash Email Reply Header Format String Vulnerability
BID:12732
Info
Hashcash Email Reply Header Format String Vulnerability
| Bugtraq ID: | 12732 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2005 12:00AM |
| Updated: | Mar 07 2005 12:00AM |
| Credit: | Discovery is credited to Tavis Ormandy. |
| Vulnerable: |
Hashcash Hashcash 1.16 Hashcash Hashcash 1.15 Hashcash Hashcash 1.14 |
| Not Vulnerable: |
Hashcash Hashcash 1.17 |
Discussion
Hashcash Email Reply Header Format String Vulnerability
A format string vulnerability exists in the generic C implementation of Hashcash. This vulnerability is exposed when the software handles an email message that includes format specifiers in the recipient field of a reply.
Successful exploitation may allow execution of arbitrary code in the context of the software.
This vulnerability is believed to have been introduced after the release of version 1.13. It is not known exactly which version the vulnerability was introduced in.
A format string vulnerability exists in the generic C implementation of Hashcash. This vulnerability is exposed when the software handles an email message that includes format specifiers in the recipient field of a reply.
Successful exploitation may allow execution of arbitrary code in the context of the software.
This vulnerability is believed to have been introduced after the release of version 1.13. It is not known exactly which version the vulnerability was introduced in.
Exploit / POC
Hashcash Email Reply Header Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Hashcash Email Reply Header Format String Vulnerability
Solution:
Gentoo has released an advisory and updates to address this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.16-r1"
The vendor has released version 1.17 dealing with this issue.
Hashcash Hashcash 1.14
Hashcash Hashcash 1.15
Hashcash Hashcash 1.16
Solution:
Gentoo has released an advisory and updates to address this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.16-r1"
The vendor has released version 1.17 dealing with this issue.
Hashcash Hashcash 1.14
-
Hashcash Hashcash 1.17
http://www.hashcash.org/tool/
Hashcash Hashcash 1.15
-
Hashcash Hashcash 1.17
http://www.hashcash.org/tool/
Hashcash Hashcash 1.16
-
Hashcash Hashcash 1.17
http://www.hashcash.org/tool/
References
Hashcash Email Reply Header Format String Vulnerability
References:
References:
- Hashcash Homepage (Hashcash)
- Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability (Hubert Chan