CVE-2006-3251
CVSS7.5
发布时间 :2006-06-27 14:05:00
修订时间 :2011-10-17 00:00:00
NMCOP    

[原文]Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries.


[CNNVD]Hashcash hashcash.c array_push函数 远程数据堆缓冲区溢出漏洞(CNNVD-200606-512)

        Hashcash 1.21之前版本的hashcash.c中array_push函数内基于数据堆的缓冲区溢出,可能让远程攻击者通过特制的条目执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:hashcash:hashcash:1.16
cpe:/a:hashcash:hashcash:1.00
cpe:/a:hashcash:hashcash:1.19
cpe:/a:hashcash:hashcash:1.20
cpe:/a:hashcash:hashcash:1.14
cpe:/a:hashcash:hashcash:1.08
cpe:/a:hashcash:hashcash:1.10
cpe:/a:hashcash:hashcash:1.15
cpe:/a:hashcash:hashcash:1.17
cpe:/a:hashcash:hashcash:1.04
cpe:/a:hashcash:hashcash:1.18
cpe:/a:hashcash:hashcash:1.03
cpe:/a:hashcash:hashcash:1.05
cpe:/a:hashcash:hashcash:1.02
cpe:/a:hashcash:hashcash:1.07
cpe:/a:hashcash:hashcash:1.09
cpe:/a:hashcash:hashcash:1.13
cpe:/a:hashcash:hashcash:1.12
cpe:/a:hashcash:hashcash:1.06
cpe:/a:hashcash:hashcash:1.01
cpe:/a:hashcash:hashcash:1.11

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3251
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3251
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-512
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/18659
(PATCH)  BID  18659
http://xforce.iss.net/xforce/xfdb/27422
(UNKNOWN)  XF  hashcash-arraypush-bo(27422)
http://www.vupen.com/english/advisories/2006/2551
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2551
http://www.hashcash.org/source/CHANGELOG
(UNKNOWN)  CONFIRM  http://www.hashcash.org/source/CHANGELOG
http://www.gentoo.org/security/en/glsa/glsa-200606-25.xml
(UNKNOWN)  GENTOO  GLSA-200606-25
http://www.debian.org/security/2006/dsa-1114
(UNKNOWN)  DEBIAN  DSA-1114
http://secunia.com/advisories/21146
(VENDOR_ADVISORY)  SECUNIA  21146
http://secunia.com/advisories/20846
(VENDOR_ADVISORY)  SECUNIA  20846
http://secunia.com/advisories/20800
(VENDOR_ADVISORY)  SECUNIA  20800

- 漏洞信息

Hashcash hashcash.c array_push函数 远程数据堆缓冲区溢出漏洞
高危 缓冲区溢出
2006-06-27 00:00:00 2006-07-28 00:00:00
远程  
        Hashcash 1.21之前版本的hashcash.c中array_push函数内基于数据堆的缓冲区溢出,可能让远程攻击者通过特制的条目执行任意代码。

- 公告与补丁

        目前厂商已经发布了相关补丁,请到厂商的主页下载:
        Hashcash Hashcash 1.19
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.20
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.18
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0 6
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0 4
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0 5
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0 9
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0 2
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0 7
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0 8
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0 1
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.0 3
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.10
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.11
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.12
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.13
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.14
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.15
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.16
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        Hashcash Hashcash 1.17
        Hashcash hashcash-1.21.tgz
        http://hashcash.org/source/hashcash-1.21.tgz
        

- 漏洞信息 (F48460)

Debian Linux Security Advisory 1114-1 (PacketStormID:F48460)
2006-07-24 00:00:00
Debian  debian.org
advisory,overflow,arbitrary
linux,debian
CVE-2006-3251
[点击下载]

Debian Security Advisory 1114-1 - Andreas Seltenreich discovered a buffer overflow in hashcash, a postage payment scheme for email that is based on hash calculations, which could allow attackers to execute arbitrary code via specially crafted entries.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1114-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 21st, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : hashcash
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2006-3251
BugTraq ID     : 18659
Debian Bug     : 376444

Andreas Seltenreich discovered a buffer overflow in hashcash, a
postage payment scheme for email that is based on hash calculations,
which could allow attackers to execute arbitrary code via specially
crafted entries.

For the stable distribution (sarge) this problem has been fixed in
version 1.17-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.21-1.

We recommend that you upgrade your hashcash package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1.dsc
      Size/MD5 checksum:      571 0e6e1272eaec884fa66ae84e962f51cc
    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1.diff.gz
      Size/MD5 checksum:     3604 bb43fcc72e1c40cfd7e8a337902c7c89
    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17.orig.tar.gz
      Size/MD5 checksum:   185522 9e5a8a35941c0cdccac93f41bd943593

  Alpha architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_alpha.deb
      Size/MD5 checksum:   168504 b0ee6dc37c1fbcc9d9084cecfbb9f5e6

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_amd64.deb
      Size/MD5 checksum:   131586 34e12310aa9e4c8016df21af7c5ee4f0

  ARM architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_arm.deb
      Size/MD5 checksum:   129036 8ef6ad2e6f6ce729893381aa72a6af77

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_i386.deb
      Size/MD5 checksum:   125388 f478094512ce7fbcc0ea7f43c7942cda

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_ia64.deb
      Size/MD5 checksum:   180272 aa2465a8d3209bc7f60966c8077fba2f

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_hppa.deb
      Size/MD5 checksum:   148194 2bf6d28a30e6f287b9f92ff7aad958db

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_m68k.deb
      Size/MD5 checksum:   113598 09d1c3002b95945e66464de441bd6875

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_mips.deb
      Size/MD5 checksum:   153776 fbd29b41912a027feec7cf0c10c858c9

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_mipsel.deb
      Size/MD5 checksum:   153382 2d231cd9aecdd9751c0dc1981c77b652

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_powerpc.deb
      Size/MD5 checksum:   140396 1e2bf003d9165dc91558d9a4109c48b3

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_s390.deb
      Size/MD5 checksum:   139680 57adea417e98c12c7e1512b00e40148c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_sparc.deb
      Size/MD5 checksum:   156978 1fd5a5647dfb17bb223b783561f1e95e


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwHcHW5ql+IAeqTIRAmqLAJ49YWqUmYOxF2a8CX9QBl18h6VUqACgiCop
zgROFIHhcFSw5m6XcPv13Qg=
=y65P
-----END PGP SIGNATURE-----

    

- 漏洞信息

26865
Hashcash array_push Function Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-03-24 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.21 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站