Bug 86833 - maintainer-update: ftp/weex - fixing a remote format string bug
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Jean-Yves Lefort
Reported: 2005-10-02 15:50 UTC by Emanuel Haupt
Modified: 2005-10-02 16:59 UTC

Attachments
weex.patch (1.33 KB, patch)
2005-10-02 15:50 UTC, Emanuel Haupt

Description Emanuel Haupt 2005-10-02 15:50:13 UTC
ftp/weex suffers from a remote format string security bug.

Someone who controls an FTP server that weex will log in to can
set up malicious data in the account that weex will use, and that
will cause a format string bug that will allow remote code
execution. It will only happen when weex is first run or when its
cache files are rebuilt with the -r option, though.

This behaviour is verified in versions 2.6.1 and 2.6.1.5.

Fix: See: http://critical.ch/weex.log
Comment 1 Jean-Yves Lefort freebsd_committer 2005-10-02 16:45:22 UTC
Responsible Changed
From-To: freebsd-ports-bugs->jylefort

Take.
Comment 2 Jean-Yves Lefort freebsd_committer 2005-10-02 16:59:02 UTC
State Changed
From-To: open->closed

Committed, thanks!