Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2014-4877

Published: 29/10/2014 Updated: 17/02/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Gnu

Vulnerability Summary

Absolute path traversal vulnerability in GNU Wget prior to 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu wget 1.13

gnu wget 1.13.4

gnu wget 1.13.3

gnu wget 1.13.2

gnu wget 1.13.1

gnu wget 1.12

gnu wget 1.14

gnu wget

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2014-4877: wget: FTP symlink arbitrary filesystem access
Debian Bug report logs - #766981 CVE-2014-4877: wget: FTP symlink arbitrary filesystem access Package: wget; Maintainer for wget is Noël Köthe <noel@debianorg>; Source for wget is src:wget (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Mon, 27 Oct 2014 11:45:07 UTC Severity: important Tags: c ...
Ubuntu Security Notice: wget vulnerability
Wget could be made to overwrite files ...
Debian Security Advisories: DSA-3062-1 wget -- security update
HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP The vulnerability allows to create arbitrary files on the user's system when Wget runs in recursive mode against a malicious FTP server Arbitrary file creation may override content of user's files or permit remote code executi ...
Amazon Linux AMI: ALAS-2014-442
Absolute path traversal vulnerability in GNU Wget before 116, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink ...
Red Hat: CVE-2014-4877
A flaw was found in the way Wget handled symbolic links A malicious FTP server could allow Wget running in the mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable to by the user running Wget, possibly leading to code execution ...

Github Repositories

https://github.com/Asteria-BCSD/Asteria

Asteria This is the official repository for Asteria Enviroment Build pip install -r requirementstxt Files description trainpy: python file for model training Treepy: The Tree class defination datahelperpy: function set for accessing sqlite database dirs description application: prototype for Asteria data: sqlite database files of ASTs diaphora_test: the implement of BCS

Recent Articles

Remote code execution flaws fixed in tnftp and wget
The Register • Darren Pauli • 03 Nov 2014

Linux bods thankful, Apple a stone-cold boilerplate

The maintainer of the tnftp FTP client has patched a remote code execution vulnerability which affected operating systems including NetBSD, FreeBSD and Mac OS X. The flaw (CVE-2014-8517), which did not affect OpenBSD due to modifications, was patched over the weekend. Maintainer Luke Mewburn notified NetBSD (which ships tnftp) of the patch in a mailing list post after warning subscribers about the hole last week. NetBSD security bod Alistair Crook forewarned FreeBSD and Dragonfly, and received a...

Read more...
The NO-NAME vuln: wget mess patched without a fancy brand
The Register • Richard Chirgwin • 30 Oct 2014

Directory overwrite bug threatens all *nix boxen

Sysadmins: another venerable and nearly-ubiquitous *nix tool, wget, needs patching because of a bug first reported by HD Moore. As the Red Hat Bugzilla report describes, the bug was a beauty: a recursive directory fetch over FTP would let an attacker “create arbitrary files, directories or symbolic links” due to a symlink flaw. A malicious FTP server would be able to do pretty much anything it wanted to an unsuspecting wget user – as Moore put it, it could “overwrite your entire filesyst...

Read more...

References

CWE-22http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.htmlhttps://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-accesshttp://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0https://bugzilla.redhat.com/show_bug.cgi?id=1139181http://www.kb.cert.org/vuls/id/685996http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7https://github.com/rapid7/metasploit-framework/pull/4088http://www.ubuntu.com/usn/USN-2393-1http://rhn.redhat.com/errata/RHSA-2014-1764.htmlhttp://lists.opensuse.org/opensuse-updates/2014-11/msg00026.htmlhttp://www.debian.org/security/2014/dsa-3062http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.htmlhttp://security.gentoo.org/glsa/glsa-201411-05.xmlhttp://rhn.redhat.com/errata/RHSA-2014-1955.htmlhttp://advisories.mageia.org/MGASA-2014-0431.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:121http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttps://kc.mcafee.com/corporate/index?page=content&id=SB10106https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917http://www.securityfocus.com/bid/70751https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766981https://usn.ubuntu.com/2393-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-4877
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook