Author

Topic: 2012-08-13 us-cert.gov - Vulnerability Summary for the Week of August 6, 2012 (Read 1369 times)

full member
Activity: 225
Merit: 101
Nobody runs this version any more, and even those that do are safe as long as they wait several blocks before accepting transactions to make sure they aren't being fed bogus bitcoins.
legendary
Activity: 1092
Merit: 1001
Not exactly a 'press hit' - but given the wording "allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction" - I wouldn't be surprised if this generates some press.

Quote
Bulletin (SB12-226)
Vulnerability Summary for the Week of August 6, 2012

2012-08-13

http://www.us-cert.gov/cas/bulletins/SB12-226.html


...
bitcoin -- bitcoind
Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.    2012-08-06   7.5   CVE-2010-5139


bitcoin -- bitcoind
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.    2012-08-06   7.5   CVE-2010-5141


bitcoin -- bitcoin-qt
Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages.    2012-08-06   7.5   CVE-2012-1910

...


From the linked vulnerability record at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5139

Quote
Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

that NIST record appears to reference a 2010 bitcointalk thread.
https://bitcointalksearch.org/topic/strange-block-74638-822

Interesting that this should pop up now. :/


Jump to: