Bug 517948 (CVE-2014-4503) - <net-misc/cgminer-4.2.3: denial of service (CVE-2014-4503)
Status: RESOLVED FIXED
Alias: CVE-2014-4503
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa]
Reported: 2014-07-24 10:11 UTC by Agostino Sarubbo
Modified: 2014-08-01 12:55 UTC
Description Agostino Sarubbo gentoo-dev 2014-07-24 10:11:08 UTC
CVE-2014-4503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4503):
  The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 
  3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial 
  of service (application exit) via a crafted (1) bbversion, (2) prev_hash, 
  (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.


@maintainer(s): since the fixed version is already in the tree, please remove the affected versions.
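
An added example (not cgminer's or sgminer's code, and not their fix) of validating the four fields the CVE description names before they are used, returning an error the caller can handle instead of exiting. The struct, the function names and the field widths (64 hex characters for prev_hash, 8 for the others) are assumptions of this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical holder for the four mining.notify fields named in the CVE. */
struct notify_fields {
    const char *bbversion; /* assumed 4-byte field: 8 hex chars */
    const char *prev_hash; /* assumed 32-byte hash: 64 hex chars */
    const char *nbit;      /* assumed 4-byte field: 8 hex chars */
    const char *ntime;     /* assumed 4-byte field: 8 hex chars */
};

/* True only if s is non-NULL and consists of exactly `want` hex digits. */
static bool is_hex_of_len(const char *s, size_t want)
{
    if (!s)
        return false;
    for (size_t i = 0; i < want; i++)
        if (!isxdigit((unsigned char)s[i])) /* also rejects an early NUL */
            return false;
    return s[want] == '\0';
}

/* Returns 0 when all fields are well formed, otherwise the CVE's own
 * numbering of the first bad field: 1 bbversion, 2 prev_hash, 3 nbit,
 * 4 ntime. The caller discards the job; the process never exits here. */
int validate_notify(const struct notify_fields *f)
{
    if (!f) return -1;
    if (!is_hex_of_len(f->bbversion, 8)) return 1;
    if (!is_hex_of_len(f->prev_hash, 64)) return 2;
    if (!is_hex_of_len(f->nbit, 8)) return 3;
    if (!is_hex_of_len(f->ntime, 8)) return 4;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from a real pool. */
    struct notify_fields bad = {
        .bbversion = "00000002",
        .prev_hash = "zz",          /* non-hex and far too short */
        .nbit = "1b0404cb",
        .ntime = "53d0d1f0",
    };
    int rc = validate_notify(&bad);
    if (rc != 0)
        fprintf(stderr, "mining.notify rejected: field %d malformed\n", rc);
    return 0;
}
```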
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-07-26 01:30:39 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-08-01 03:29:18 UTC
CVE-2014-4503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4503):
  The parse_notify function in util.c in sgminer before 4.2.2 and cgminer
  3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of
  service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3)
  nbit, or (4) ntime parameter in a mining.notify action stratum message.
Comment 3 Anthony Basile gentoo-dev 2014-08-01 12:54:57 UTC
The older versions are off the tree.
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-08-01 12:55:45 UTC
(In reply to Anthony Basile from comment #3)
> The older versions are off the tree.

Thanks!