| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | [OpenPKG-SA-2006.044] OpenPKG Security Advisory (w3m) |
| From: | OpenPKG GmbH <openpkg-noreply@openpkg.com> |
| Date: | Wed, 27 Dec 2006 22:47:44 +0100 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
| Organization: | OpenPKG GmbH, http://openpkg.com/ |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ____________________________________________________________________________ Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.044 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.044 Advisory Published: 2006-12-27 22:47 UTC Issue Id (internal): OpenPKG-SI-20061227.01 Issue First Created: 2006-12-27 Issue Last Modified: 2006-12-27 Issue Revision: 05 ____________________________________________________________________________ Subject Name: W3M Subject Summary: Web Browser Subject Home: http://w3m.sourceforge.net/ Subject Versions: * <= 0.5.1 Vulnerability Id: none Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: denial of service Description: A format string bug exists [0] in the textual web browser W3M [0]. The bug results in a crash of W3M under run-time options "-dump" or "-backend" if requesting HTTPS URLs and printf(3) escape sequences like "%n%n" occur in the Common Name (CN) of the website X.509 certificate. References: [0] http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439 [1] http://w3m.sourceforge.net/ ____________________________________________________________________________ Primary Package Name: w3m Primary Package Home: http://openpkg.org/go/package/w3m Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID w3m-0.5.1-E1.0.1 ____________________________________________________________________________ For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document. ____________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG GmbH <http://openpkg.com/> iD8DBQFFkunlZwQuyWG3rjQRAruIAJ4qzyWLRyREE5/ifuuGBOBlxHZPywCfXQ2W h1G4gzwoF8urrJtVJek8TnE= =comE -----END PGP SIGNATURE----- |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: XSS - CMS Made Simple v1.0.2, nanoymaster |
|---|---|
| Next by Date: | Re: XSS with Vbulletin (new idea !), micmast |
| Previous by Thread: | [SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution, Moritz Muehlenhoff |
| Next by Thread: | [SECURITY] [DSA 1214-2] Updated gv packages fix arbitrary code execution, Moritz Muehlenhoff |
| Indexes: | [Date] [Thread] [Top] [All Lists] |