Detections
Analytics

FreeBSD : weex -- remote format string vulnerability (d4c70df5-335d-11da-9c70-0040f42d58c6)

high Nessus Plugin ID 21516

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Emanuel Haupt reports :

Someone who controls an FTP server that weex will log in to can set up malicious data in the account that weex will use, and that will cause a format string bug that will allow remote code execution. It will only happen when weex is first run or when its cache files are rebuilt with the -r option, though. The vulnerability was found by Ulf Harnhammar.

Solution

Update the affected package.

See Also

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86833

http://www.nessus.org/u?dd9f5423

Plugin Details

Severity: High

ID: 21516

File Name: freebsd_pkg_d4c70df5335d11da9c700040f42d58c6.nasl

Version: 1.13

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:weex, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/2/2005

Vulnerability Publication Date: 10/2/2005