DESCRIPTION:
Emanuel Haupt has reported a vulnerability in Weex, which can
potentially be exploited by malicious users to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

The vulnerability is caused by a format string error in the
"log_flush()" function when flushing an error log entry that contains
format string specifiers to disk. This may be exploited to execute
arbitrary code on a user's system via a directory name containing
format string specifiers.

Successful exploitation requires that the attacker is able to create
directories within the user's Weex home directory.

The vulnerability has been reported in version 2.6.1.5. Other
versions may also be affected.
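
An added illustration of the bug class described above, not Weex's source and not code from the advisory: the function and buffer names, the message text and the `SHOW_VULNERABLE` guard are assumptions made for the example. It contrasts a flush that passes the stored entry as the format string with one that passes it only as an argument, and checks that a name containing specifiers reaches the log unchanged.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 8
static char log_buf[MAX_ENTRIES][256];  /* queued error-log entries */
static int log_count;

/* Queue an error entry; `dir` is untrusted (a name chosen by the remote side). */
void log_add(const char *dir)
{
    if (log_count < MAX_ENTRIES)
        snprintf(log_buf[log_count++], sizeof log_buf[0],
                 "cannot enter directory %s", dir);
}

#ifdef SHOW_VULNERABLE  /* the flawed pattern; not compiled by default */
void log_flush_unsafe(FILE *fp)
{
    for (int i = 0; i < log_count; i++)
        fprintf(fp, log_buf[i]);        /* entry is interpreted as a format */
}
#endif

/* Hardened flush: the entry is only ever an argument to a constant format. */
int log_flush(FILE *fp)
{
    int written = 0;
    for (int i = 0; i < log_count; i++, written++)
        if (fprintf(fp, "%s\n", log_buf[i]) < 0)
            return -1;
    log_count = 0;
    return written;
}

/* Returns 1 if a queued name reaches the log file byte-for-byte. */
int flush_is_verbatim(const char *dir)
{
    char want[300], got[300] = "";
    FILE *fp = tmpfile();
    if (!fp) return 0;
    snprintf(want, sizeof want, "cannot enter directory %s\n", dir);
    log_add(dir);
    int ok = log_flush(fp) == 1;
    rewind(fp);
    if (!fgets(got, sizeof got, fp)) ok = 0;
    fclose(fp);
    return ok && strcmp(want, got) == 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag calls of the guarded form, where the format argument is not a string literal.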

SOLUTION:
Restrict use to trusted servers only.

PROVIDED AND/OR DISCOVERED BY:
Emanuel Haupt

ORIGINAL ADVISORY:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86833

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

TITLE:
Weex "log_flush()" Format String Vulnerability

SECUNIA ADVISORY ID:
SA17028

VERIFY ADVISORY:
http://secunia.com/advisories/17028/

CRITICAL:
Less critical

IMPACT:
DoS, System access

WHERE:
From local network

SOFTWARE:
Weex 2.x
http://secunia.com/product/5791/

PUBLISHED:
2005-10-04