Debian Security Advisory DSA 855-1 (weex) Network Vulnerability

Summary

The remote host is missing an update to weex announced via advisory DSA 855-1. Ulf Härnhammar from the Debian Security Audit Project discovered a format string vulnerability in weex, a non-interactive FTP client for updating web pages, that could be exploited to execute arbitrary code on the clients machine. For the old stable distribution (woody) this problem has been fixed in version 2.6.1-4woody2.

Solution

For the stable distribution (sarge) this problem has been fixed in version 2.6.1-6sarge1. For the unstable distribution (sid) this problem has been fixed in version 2.6.1-6sarge1. We recommend that you upgrade your weex package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20855-1

Severity

Classification

CVE CVE-2005-3150
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1046-1 (mozilla)
Debian Security Advisory DSA 1009-1 (crossfire)
Debian Security Advisory DSA 016-1 (wu-ftpd)
Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)
Debian Security Advisory DSA 003-1 (joe)

Take action and discover your vulnerabilities