weex -- remote format string vulnerability

ID: D4C70DF5-335D-11DA-9C70-0040F42D58C6
Type: freebsd
Reporter: FreeBSD
Modified: 2005-10-02T00:00:00


Emanuel Haupt reports:

Someone who controls an FTP server that weex will log in to can set up malicious data in the account that weex will use, and that will cause a format string bug that will allow remote code execution. It will only happen when weex is first run or when its cache files are rebuilt with the -r option, though. The vulnerability was found by Ulf Harnhammar.