ports/86833: maintainer-update: ftp/weex - fixing a remote format string bug
Emanuel Haupt
ehaupt at critical.ch
Sun Oct 2 14:50:14 UTC 2005
>Number: 86833
>Category: ports
>Synopsis: maintainer-update: ftp/weex - fixing a remote format string bug
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 02 14:50:13 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Emanuel Haupt
>Release: FreeBSD 6.0-BETA5 i386
>Organization:
>Environment:
System: FreeBSD beaver.critical.ch 6.0-BETA5 FreeBSD 6.0-BETA5 #0: Tue Sep 27 19:38:58 CEST 2005 root at beaver.critical.ch:/usr/obj/usr/src/RELENG_6/src/sys/BEAVER i386
>Description:
ftp/weex suffers from a remote format string security bug.
Someone who controls an FTP server that weex will log in to can
set up malicious data in the account that weex will use, and that
will cause a format string bug that will allow remote code
execution. It will only happen when weex is first run or when its
cache files are rebuilt with the -r option, though.
This behaviour is verified in versions 2.6.1 and 2.6.1.5.
>How-To-Repeat:
>Fix:
See: http://critical.ch/weex.log
--- weex.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/ftp/weex/Makefile,v
retrieving revision 1.2
diff -u -r1.2 Makefile
--- Makefile 13 Sep 2005 18:18:40 -0000 1.2
+++ Makefile 2 Oct 2005 09:15:03 -0000
@@ -7,6 +7,7 @@
PORTNAME= weex
PORTVERSION= 2.6.1.5
+PORTREVISION= 1
CATEGORIES= ftp
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE_EXTENDED}
MASTER_SITE_SUBDIR= ${PORTNAME}
Index: pkg-descr
===================================================================
RCS file: /home/ncvs/ports/ftp/weex/pkg-descr,v
retrieving revision 1.1
diff -u -r1.1 pkg-descr
--- pkg-descr 8 Sep 2005 11:13:30 -0000 1.1
+++ pkg-descr 2 Oct 2005 09:15:03 -0000
@@ -9,6 +9,3 @@
* caching to speed up the synchronization process
WWW: http://weex.sourceforge.net/
-
-- ehaupt
-ehaupt at critical.ch
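Review bot: the three lines removed at the end of pkg-descr (the blank line and the "- ehaupt" / "ehaupt at critical.ch" signature) are unrelated to the format string fix and are not mentioned in the Description. Either mention the cleanup in the PR text so the committer can note it in the commit log, or send it separately so the security change stays minimal and easy to audit.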
Index: files/patch-src-log.c
===================================================================
RCS file: files/patch-src-log.c
diff -N files/patch-src-log.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-src-log.c 2 Oct 2005 09:15:03 -0000
@@ -0,0 +1,11 @@
+--- src/log.c.orig Mon Aug 18 11:52:38 2003
++++ src/log.c Sun Oct 2 11:06:58 2005
+@@ -183,7 +183,7 @@
+
+ fp=log_open();
+ for(i=0;i<max_log;i++){
+- fprintf(fp,log_str[i]);
++ fprintf(fp,"%s",log_str[i]);
+ free(log_str[i]);
+ }
+ free(log_str);
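Review bot: only the single fprintf(fp,log_str[i]) call in the flush loop of the hunk at src/log.c line 183 is converted, and nothing in the PR says whether the other printf-family calls in weex were checked for the same pattern. Since the Description says the strings come from the FTP server, it would help to confirm (for example by building with -Wformat-security) that no other call passes a non-literal format, and to state that in the PR. fputs(log_str[i],fp) would be an equivalent way to write this line that skips format processing altogether.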
--- weex.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: