OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

jftpgw -- format string vulnerability

Affected packages
jftpgw < 0.13.5

Details

VuXML ID 0903c1ee-ed8f-11d8-85d9-00304f19272c
Discovery 2004-05-30
Entry 2004-08-12

The log functions in jftpgw may allow remotely authenticated user to execute arbitrary code via the format string specifiers in certain syslog messages.

References

CVE Name CAN-2004-0448
URL http://www.debian.org/security/2004/dsa-510
URL http://www.securityfocus.com/bid/10438
URL http://xforce.iss.net/xforce/xfdb/16271

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.