From de9a4bedec903d0b1ef8cede2975b7d04d187e87 Mon Sep 17 00:00:00 2001 From: Tom Rhodes Date: Fri, 13 Aug 2004 21:31:53 +0000 Subject: Format string vulnerability in jftpgw. Informed by: Robert Nagy --- security/vuxml/vuln.xml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index bc50aa632445..246f7ecb24ab 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,34 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + Arbitrary code execution via a format string vulnerability + + + jftpgw + 0.13.5 + + + + +

The log functions in jftpgw may allow + remotely authenticated user to execute + arbitrary code via the format string + specifiers in certain syslog messages.

+ + + + CAN-2004-0448 + http://www.debian.org/security/2004/dsa-510 + http://www.securityfocus.com/bid/10438 + http://xforce.iss.net/xforce/xfdb/16271 + + + 2004-05-30 + 2004-08-13 + + + KDE Konqueror frame injection vulnerability -- cgit v1.2.3