86833 – maintainer-update: ftp/weex - fixing a remote format string bug

Bug 86833 - maintainer-update: ftp/weex - fixing a remote format string bug

Summary: maintainer-update: ftp/weex - fixing a remote format string bug

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Jean-Yves Lefort

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-10-02 15:50 UTC by Emanuel Haupt
Modified:	2005-10-02 16:59 UTC (History)
CC List:	0 users

See Also:

Attachments
weex.patch (1.33 KB, patch) 2005-10-02 15:50 UTC, Emanuel Haupt	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Emanuel Haupt 2005-10-02 15:50:13 UTC

ftp/weex suffers from a remote format string security bug.

Someone who controls an FTP server that weex will log in to can
set up malicious data in the account that weex will use, and that
will cause a format string bug that will allow remote code
execution. It will only happen when weex is first run or when its
cache files are rebuilt with the -r option, though.

This behaviour is verified in versions 2.6.1 and 2.6.1.5

Fix: See: http://critical.ch/weex.log

Comment 1 Jean-Yves Lefort freebsd_committer

2005-10-02 16:45:22 UTC

Responsible Changed
From-To: freebsd-ports-bugs->jylefort

Take.

Comment 2 Jean-Yves Lefort freebsd_committer

2005-10-02 16:59:02 UTC

State Changed
From-To: open->closed

Committed, thanks!