blob: bc4e8bd85df498a41a026cb704e7b00a032a0c36 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200701-06">
<title>w3m: Format string vulnerability</title>
w3m does not correctly handle format string specifiers in SSL certificates.
<product type="ebuild">w3m</product>
<announced>January 12, 2007</announced>
<revised>January 12, 2007: 01</revised>
<package name="www-client/w3m" auto="yes" arch="*">
<unaffected range="ge">0.5.1-r4</unaffected>
<vulnerable range="lt">0.5.1-r4</vulnerable>
w3m is a multi-platform text-based web browser.
w3m in -dump or -backend mode does not correctly handle printf() format
string specifiers in the Common Name (CN) field of an X.509 SSL
<impact type="normal">
An attacker could entice a user to visit a malicious website that would
load a specially crafted X.509 SSL certificate containing "%n" or other
format string specifiers, possibly resulting in the execution of
arbitrary code with the rights of the user running w3m.
There is no known workaround at this time.
All w3m users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-client/w3m-0.5.1-r4&quot;</code>
<uri link="">CVE-2006-6772</uri>
<metadata tag="submitter" timestamp="Thu, 11 Jan 2007 00:57:23 +0000">
<metadata tag="bugReady" timestamp="Thu, 11 Jan 2007 11:00:25 +0000">