LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

bidwatcher: format string vulnerability

Package(s):bidwatcher CVE #(s):CAN-2005-0158
Created:February 18, 2005 Updated:March 3, 2005
Description: Ulf Härnhammar from the Debian Security Audit Project discovered a format string vulnerability in bidwatcher, a tool for watching and bidding on eBay auctions. This problem can be triggered remotely by a web server of eBay, or someone pretending to be eBay, sending certain data back. As of version 1.3.17 the program uses cURL and is not vulnerable anymore.
Alerts:
Gentoo 200503-06 2005-03-03
Debian DSA-687-1 2005-02-18
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds