Bug 83541 - net-misc/hashcash: recipient format string bug
Summary: net-misc/hashcash: recipient format string bug
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://article.gmane.org/gmane.mail.s...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2005-02-28 04:46 UTC by Tavis Ormandy (RETIRED)
Modified: 2007-05-31 10:53 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
hashcash patch (hashcash-1.16-format-string.diff,382 bytes, patch)
2005-03-01 02:16 UTC, Tavis Ormandy (RETIRED)

Description Tavis Ormandy (RETIRED) gentoo-dev 2005-02-28 04:46:26 UTC
hashcash-1.16 has a format string bug when printing the header. It could be possible to execute code in certain circumstances, but I haven't proved this.

At the very least it's a DoS by preventing hashcash users from participating in discussions or disrupting logs/exhausting memory by using huge field widths, e.g.

hashcash -qm -b 8 -r "foo%.5000000x" -X < /dev/null

I reported this to the hashcash mailing list (see URL).

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
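
The bug class reported above, as an added example that is not hashcash source and not part of the original report: an untrusted string passed as the printf format itself, beside the constant-format form, measured on the resource string from the report. The function names are hypothetical, and the single `0u` argument is an assumption added only to keep the demonstration well-defined.

```c
#include <stdio.h>
#include <string.h>

/* Added example with hypothetical names; this is not hashcash code. */

/* BEFORE: the untrusted string is used as the format. A single unsigned 0 is
 * supplied only so this demo is well-defined for one %x conversion; buggy
 * code passes no argument, so printf reads whatever sits in the argument
 * slots. Returns the number of bytes printf would emit. */
static int header_len_unsafe(const char *resource)
{
    return snprintf(NULL, 0, resource, 0u);
}

/* AFTER: constant format, untrusted string is plain data. */
static int header_len_safe(const char *resource)
{
    return snprintf(NULL, 0, "%s", resource);
}

/* Audit helper: 1 if the string holds any '%' that is not the literal "%%"
 * (a trailing lone '%' is also flagged). */
static int has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;            /* skip the escaped percent sign */
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    const char *r = "foo%.5000000x";   /* resource string from the report */

    printf("input length        : %zu\n", strlen(r));
    printf("as data   (\"%%s\", r) : %d bytes\n", header_len_safe(r));
    printf("as format (r)       : %d bytes\n", header_len_unsafe(r));
    printf("has conversion spec : %d\n", has_conversion(r));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` (GCC and Clang) flags a non-literal format passed with no arguments, which is the form this bug class takes.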
Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2005-03-01 02:16:08 UTC
Created attachment 52362
hashcash patch

Obviously correct one-liner for format string vulnerability.
Comment 2 Bryan Østergaard (RETIRED) gentoo-dev 2005-03-02 11:41:19 UTC
hashcash-1.16-r1 committed - thanks for the patch :)
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-03-02 11:50:28 UTC
x86: please test and mark stable
Comment 4 Olivier Crete (RETIRED) gentoo-dev 2005-03-05 21:53:17 UTC
x86 was already there
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-03-06 05:17:55 UTC
GLSA 200503-12