CVE-2005-3150
CVSS 7.5
Published: 2005-10-05 18:02:00
Revised: 2008-09-05 16:53:35
NMCOPS    

[Original] Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames.


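[CNNVD] Weex Log_Flush() function remote format string vulnerability (CNNVD-200510-014)

        weex is a utility for automated remote maintenance of web pages or FTP archives.
        The Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions contains a format string vulnerability; a remote FTP server can execute arbitrary code via format strings in filenames.

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)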

cpe:/a:weex:weex:2.6.1.5
cpe:/a:weex:weex:2.6.1

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3150
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3150
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-014
(Official data source) CNNVD

- Other links and resources

http://www.gentoo.org/security/en/glsa/glsa-200510-09.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200510-09
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86833
(VENDOR_ADVISORY)  CONFIRM  http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86833
http://www.debian.org/security/2005/dsa-855
(VENDOR_ADVISORY)  DEBIAN  DSA-855
http://secunia.com/advisories/17028
(VENDOR_ADVISORY)  SECUNIA  17028
http://www.securityfocus.com/bid/14999
(UNKNOWN)  BID  14999
http://secunia.com/advisories/17112
(UNKNOWN)  SECUNIA  17112
http://secunia.com/advisories/17081
(UNKNOWN)  SECUNIA  17081

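- Vulnerability information

Weex Log_Flush() function remote format string vulnerability
High risk  Format string
2005-10-05 00:00:00 2006-01-19 00:00:00
Remote
        weex is a utility for automated remote maintenance of web pages or FTP archives.
        The Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions contains a format string vulnerability; a remote FTP server can execute arbitrary code via format strings in filenames.

- Advisories and patches

        No data available

- Vulnerability information (F40553)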

Gentoo Linux Security Advisory 200510-9 (PacketStormID:F40553)
2005-10-11 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-3150

Gentoo Linux Security Advisory GLSA 200510-09 - Ulf Harnhammar discovered a format string bug in Weex that can be triggered when it is first run (or when its cache files are rebuilt, using the -r option). Versions less than 2.6.1.5-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200510-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Weex: Format string vulnerability
      Date: October 08, 2005
      Bugs: #107849
        ID: 200510-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Weex contains a format string error that may be exploited by malicious
servers to execute arbitrary code.

Background
==========

Weex is a non-interactive FTP client typically used to update web
pages.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /   Vulnerable   /                       Unaffected
    -------------------------------------------------------------------
  1  net-ftp/weex     < 2.6.1.5-r1                       >= 2.6.1.5-r1

Description
===========

Ulf Harnhammar discovered a format string bug in Weex that can be
triggered when it is first run (or when its cache files are rebuilt,
using the -r option).

Impact
======

An attacker could setup a malicious FTP server which, when accessed
using Weex, could trigger the format string bug and end up executing
arbitrary code with the rights of the user running Weex.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Weex users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-ftp/weex-2.6.1.5-r1"

References
==========

  [ 1 ] CAN-2005-3150
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3150

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information

19817
Weex log_flush() Function Remote Format String
Remote / Network Access, Local / Remote, Context Dependent Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-10-02 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Weex Log_Flush() Function Remote Format String Vulnerability
Input Validation Error 14999
Yes No
2005-10-02 12:00:00 2009-07-12 05:06:00
Discovery is credited to Emanuel Haupt <ehaupt@critical.ch>.

- Affected program versions

Weex Weex 2.6.1.5
Weex Weex 2.6.1
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Gentoo Linux

- Vulnerability discussion

Weex is affected by a remote format string vulnerability.

The vulnerability presents itself in the 'log_flush()' function of the 'log.c' file and is exposed when the application attempts to write an error log entry containing format specifiers.

Weex versions 2.6.1 and 2.6.1.5 are reported to be vulnerable.
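
The bug class described above, as an added example that is not Weex source code: a buffered error log whose flush routine treats each stored entry as data for a constant format, plus a small audit helper for server-supplied names. All function names and the sample filename are hypothetical and constructed for illustration.

```c
/* Added illustration, NOT Weex source; every name here is hypothetical. */
#include <stdio.h>
#include <string.h>

enum { LOG_MAX = 8, LOG_LEN = 256 };
static char log_entries[LOG_MAX][LOG_LEN];
static size_t log_count;

/* Audit helper: 1 if a server-supplied name carries a printf directive. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" is a literal percent */
        return 1;
    }
    return 0;
}

/* Queue an error entry; the remote name is an argument, never the format. */
int log_add_error(const char *remote_name)
{
    if (log_count >= LOG_MAX) return -1;
    snprintf(log_entries[log_count++], LOG_LEN, "error: cannot transfer %s", remote_name);
    return 0;
}

/* Bug class (comment only, never compiled): fprintf(fp, log_entries[i]);
 * Hardened flush: each stored entry is data for the constant "%s\n". */
size_t log_flush(char *out, size_t outlen)
{
    size_t used = 0;
    if (outlen == 0) return 0;
    for (size_t i = 0; i < log_count; i++) {
        int n = snprintf(out + used, outlen - used, "%s\n", log_entries[i]);
        if (n < 0 || (size_t)n >= outlen - used) break;   /* buffer full */
        used += (size_t)n;
    }
    out[used] = '\0';   /* drop any partially written entry */
    log_count = 0;
    return used;
}

int main(void)
{
    char buf[512];
    log_add_error("report%s%x.html");   /* constructed sample name */
    return log_flush(buf, sizeof buf) > 0 && fputs(buf, stdout) >= 0 ? 0 : 1;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang flag calls where a non-literal string is passed as the format with no arguments, which is the pattern the hardened flush avoids.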

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

Gentoo Linux has released advisory GLSA 200510-09 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=net-ftp/weex-2.6.1.5-r1"
Please see the referenced advisory for further information.

Debian has released advisory DSA 855-1 to address this issue. Please see the referenced advisory for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Related references
