blob: 074cfa30e7d16b59480131a89bd9497dfd2c9ca7 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200510-09">
<title>Weex: Format string vulnerability</title>
Weex contains a format string error that may be exploited by malicious
servers to execute arbitrary code.
<product type="ebuild">Weex</product>
<announced>October 08, 2005</announced>
<revised>October 08, 2005: 01</revised>
<package name="net-ftp/weex" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
Weex is a non-interactive FTP client typically used to update web
Ulf Harnhammar discovered a format string bug in Weex that can be
triggered when it is first run (or when its cache files are rebuilt,
using the -r option).
<impact type="normal">
An attacker could setup a malicious FTP server which, when
accessed using Weex, could trigger the format string bug and end up
executing arbitrary code with the rights of the user running Weex.
There is no known workaround at this time.
All Weex users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-ftp/weex-;</code>
<uri link="">CAN-2005-3150</uri>
<metadata tag="submitter" timestamp="Fri, 07 Oct 2005 11:45:52 +0000">
<metadata tag="bugReady" timestamp="Fri, 07 Oct 2005 11:46:02 +0000">