Gentoo Logo

w3m: Format string vulnerability

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200701-06 / w3m
Release Date January 12, 2007
Latest Revision January 12, 2007: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
www-client/w3m < 0.5.1-r4 >= 0.5.1-r4 All supported architectures

Related bugreports: #159145

Synopsis

w3m does not correctly handle format string specifiers in SSL certificates.

2.  Impact Information

Background

w3m is a multi-platform text-based web browser.

Description

w3m in -dump or -backend mode does not correctly handle printf() format string specifiers in the Common Name (CN) field of an X.509 SSL certificate.

Impact

An attacker could entice a user to visit a malicious website that would load a specially crafted X.509 SSL certificate containing "%n" or other format string specifiers, possibly resulting in the execution of arbitrary code with the rights of the user running w3m.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All w3m users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/w3m-0.5.1-r4"

4.  References

Print

Page updated January 12, 2007

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.