FreeBSD : weex -- remote format string vulnerability (d4c70df5-335d-11da-9c70-0040f42d58c6)
High Nessus Plugin ID 21516
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionEmanuel Haupt reports :
Someone who controls an FTP server that weex will log in to can set up malicious data in the account that weex will use, and that will cause a format string bug that will allow remote code execution. It will only happen when weex is first run or when its cache files are rebuilt with the -r option, though. The vulnerability was found by Ulf Harnhammar.
SolutionUpdate the affected package.