Path to this page:
Subject: CVS commit: pkgsrc/www/weex
From: Lubomir Sedlacik
Date: 2005-10-05 15:38:13
Message id: 20051005133813.E76782DA27@cvs.netbsd.org
Log Message:
Security fix for SA17028:
"A vulnerability in Weex can be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
The vulnerability is caused due to a format string error in the \
"log_flush()"
function when flushing an error log entry that contains format string
specifiers to disk. This may be exploited to execute arbitrary code on a
user's system via a directory name containing format string specifiers.
Successful exploitation requires that the attacker is able to create
directories within the user's Weex home directory."
http://secunia.com/advisories/17028/
Patch from FreeBSD PR ports/86833.
Files: