FreeBSD : weex -- remote format string vulnerability (d4c70df5-335d-11da-9c70-0040f42d58c6)

High Nessus Plugin ID 21516


The remote FreeBSD host is missing a security-related update.


Emanuel Haupt reports :

Someone who controls an FTP server that weex will log in to can set up malicious data in the account that weex will use, and that will cause a format string bug that will allow remote code execution. It will only happen when weex is first run or when its cache files are rebuilt with the -r option, though. The vulnerability was found by Ulf Harnhammar.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 21516

File Name: freebsd_pkg_d4c70df5335d11da9c700040f42d58c6.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2006/05/13

Modified: 2014/09/18

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:weex, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/10/02

Vulnerability Publication Date: 2005/10/02