FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

weex -- remote format string vulnerability

Affected packages
weex <


VuXML ID d4c70df5-335d-11da-9c70-0040f42d58c6
Discovery 2005-10-02
Entry 2005-10-02

Emanuel Haupt reports:

Someone who controls an FTP server that weex will log in to can set up malicious data in the account that weex will use, and that will cause a format string bug that will allow remote code execution. It will only happen when weex is first run or when its cache files are rebuilt with the -r option, though. The vulnerability was found by Ulf Harnhammar.


FreeBSD PR ports/86833