FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

hashcash -- format string vulnerability

Affected packages
hashcash < 1.17

Details

VuXML ID 5ebfe901-a3cb-11d9-b248-000854d03344
Discovery 2005-03-06
Entry 2005-04-02
Modified 2005-04-03

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address.

Successful exploitation would permit an attacker to disrupt Hashcash users, and potentially execute arbitrary code.

References

CVE Name CVE-2005-0687
URL http://www.gentoo.org/security/en/glsa/glsa-200503-12.xml