Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4447

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4447
Last Modified 07 Aug 2012 12:00:00
Published 06 Aug 2012 12:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4447

Summary

The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.

Vulnerable Systems

Application

  • Bitcoind 0.4.0

  • Bitcoind 0.4.1

  • Bitcoind 0.5.0

  • Wxbitcoin 0.4.0

  • Wxbitcoin 0.4.1

  • Wxbitcoin 0.5.0


References

CONFIRM - https://en.bitcoin.it/wiki/CVEs

CONFIRM - https://bitcointalk.org/index.php?topic=51604.0

CONFIRM - https://bitcointalk.org/index.php?topic=51474.0

CONFIRM - http://bitcoin.org/releases/2011/11/21/v0.5.0.html


Last Updated: 27 May 2016 10:55:01