Summary
The remote host is missing an update to weex
announced via advisory DSA 855-1.
Ulf Härnhammar from the Debian Security Audit Project discovered a format string vulnerability in weex, a non-interactive FTP client for updating web pages, that could be exploited to execute arbitrary code on the clients machine.
For the old stable distribution (woody) this problem has been fixed in version 2.6.1-4woody2.
Solution
For the stable distribution (sarge) this problem has been fixed in version 2.6.1-6sarge1.
For the unstable distribution (sid) this problem has been fixed in version 2.6.1-6sarge1.
We recommend that you upgrade your weex package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20855-1
Severity
Classification
-
CVE CVE-2005-3150 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities