Topic: 2012-08-13 us-cert.gov - Vulnerability Summary for the Week of August 6, 2012 (Read 1348 times)

full member
Activity: 225
Merit: 101
Nobody runs this version any more, and even those that do are safe as long as they wait several blocks before accepting transactions to make sure they aren't being fed bogus bitcoins.
legendary
Activity: 1092
Merit: 1001
Not exactly a 'press hit' - but given the wording "allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction" - I wouldn't be surprised if this generates some press.

Quote
Bulletin (SB12-226)
Vulnerability Summary for the Week of August 6, 2012

2012-08-13

http://www.us-cert.gov/cas/bulletins/SB12-226.html


...
bitcoin -- bitcoind
Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.
Published: 2012-08-06 | CVSS Score: 7.5 | CVE-2010-5139


bitcoin -- bitcoind
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.
Published: 2012-08-06 | CVSS Score: 7.5 | CVE-2010-5141


bitcoin -- bitcoin-qt
Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.
Published: 2012-08-06 | CVSS Score: 7.5 | CVE-2012-1910

...


From the linked vulnerability record at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139

Quote
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

That NIST record appears to reference a 2010 bitcointalk thread.
https://bitcointalksearch.org/topic/strange-block-74638-822

Interesting that this should pop up now. :/
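
Added example, not part of the original posts and not Bitcoin's own code: the kind of integer overflow the CVE-2010-5139 entry describes, shown as an unchecked sum of transaction output values next to a range-checked one. The amount model (signed 64-bit base units, a `MAX_MONEY` cap of 21 million coins), the function names and the sample values are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model: amounts are signed 64-bit counts of base units, capped at
   21 million coins of 10^8 units each. */
#define COIN      INT64_C(100000000)
#define MAX_MONEY (INT64_C(21000000) * COIN)

/* Constructed sample: two huge outputs whose true sum is 2^64 - 1000. */
static const int64_t SAMPLE_OUT[2] = { INT64_MAX - 499, INT64_MAX - 499 };

static bool money_range(int64_t v) { return v >= 0 && v <= MAX_MONEY; }

/* Unchecked total. Done in unsigned arithmetic so the wraparound is defined
   (signed overflow is undefined in C); the cast back wraps on gcc/clang. */
int64_t sum_unchecked(const int64_t *out, size_t n) {
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++) total += (uint64_t)out[i];
    return (int64_t)total;
}

/* Checked total: every value and every running total must be in range. */
bool sum_checked(const int64_t *out, size_t n, int64_t *total) {
    int64_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        if (!money_range(out[i])) return false;
        acc += out[i]; /* safe: both operands are <= MAX_MONEY */
        if (!money_range(acc)) return false;
    }
    *total = acc;
    return true;
}

/* "Outputs must not exceed inputs", with and without range checks. */
bool accepts_naive(int64_t in_total, const int64_t *out, size_t n) {
    return sum_unchecked(out, n) <= in_total;
}
bool accepts_checked(int64_t in_total, const int64_t *out, size_t n) {
    int64_t total;
    return sum_checked(out, n, &total) && total <= in_total;
}

int main(void) {
    printf("wrapped sum: %lld\n", (long long)sum_unchecked(SAMPLE_OUT, 2));
    printf("naive: %d, checked: %d\n", accepts_naive(50 * COIN, SAMPLE_OUT, 2),
           accepts_checked(50 * COIN, SAMPLE_OUT, 2));
    return 0;
}
```

The unchecked total wraps to a small negative number, so the naive comparison passes; the checked version rejects the first out-of-range value before any addition happens.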

