Absolute path traversal vulnerability in GNU Wget prior to 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
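The description above turns on one detail of the FTP directory listing: a single name appears in two LIST entries, and one of those entries is a symlink. The following is an added example, not wget's code or anything from the GNU project, that parses a constructed Unix-style LIST response, flags that conflicting pattern, and models how a recursive client decides what to do with each entry depending on whether symlinks are retrieved as regular files (the behaviour the wget `--retr-symlinks` option controls, and the documented mitigation of adding `retr-symlinks=on` to `/etc/wgetrc` on versions before 1.16). The regular expression, the sample listing and the `plan_local_actions` model are assumptions for illustration; they approximate, rather than reproduce, how wget itself parses listings.

```python
import re
from collections import defaultdict

# Constructed sample LIST response in "ls -l" format; not captured from any real server.
# The name "pub" appears twice: once as a directory and once as a symlink to "/".
SAMPLE_LISTING = """\
drwxr-xr-x    2 ftp      ftp          4096 Oct 27  2014 pub
lrwxrwxrwx    1 ftp      ftp             1 Oct 27  2014 pub -> /
-rw-r--r--    1 ftp      ftp            12 Oct 27  2014 README
"""

# Approximation of a Unix-style LIST line: permissions, link count, owner, group,
# size, three date fields, then the name (and "-> target" for symlinks).
LIST_LINE = re.compile(
    r"^(?P<perm>[-dlbcps][rwxsStT-]{9})\s+\d+\s+\S+\s+\S+\s+\d+\s+"
    r"\S+\s+\S+\s+\S+\s+(?P<rest>.+)$"
)


def parse_list(listing):
    """Parse LIST text into dicts with name, kind ('-', 'd', 'l', ...) and symlink target."""
    entries = []
    for line in listing.splitlines():
        m = LIST_LINE.match(line)
        if not m:
            continue  # ignore lines that do not look like ls -l output
        kind = m.group("perm")[0]
        rest = m.group("rest")
        target = None
        if kind == "l" and " -> " in rest:
            name, target = rest.split(" -> ", 1)
        else:
            name = rest
        entries.append({"name": name, "kind": kind, "target": target})
    return entries


def conflicting_symlinks(entries):
    """Names listed both as a symlink and as some other kind of entry.

    This is the pattern the advisory text describes: the same filename in two
    entries, one of which is a symlink. A hardened client can refuse such listings.
    """
    kinds = defaultdict(set)
    for e in entries:
        kinds[e["name"]].add(e["kind"])
    return sorted(name for name, k in kinds.items() if "l" in k and len(k) > 1)


def plan_local_actions(entries, retr_symlinks):
    """Model (assumption, not wget's code) of what a recursive fetch does per entry.

    With retr_symlinks=False a symlink entry becomes a local symlink pointing at the
    server-supplied target, and a same-named directory entry is then recursed into,
    so later writes land wherever the link points. With retr_symlinks=True the
    symlink is fetched as an ordinary file and no local link is created.
    """
    actions = []
    for e in entries:
        if e["kind"] == "l":
            if retr_symlinks:
                actions.append(("retrieve_file", e["name"]))
            else:
                actions.append(("create_symlink", e["name"], e["target"]))
        elif e["kind"] == "d":
            actions.append(("recurse_into", e["name"]))
        else:
            actions.append(("retrieve_file", e["name"]))
    return actions


if __name__ == "__main__":
    entries = parse_list(SAMPLE_LISTING)
    print("conflicting names:", conflicting_symlinks(entries))
    print("retr-symlinks off:", plan_local_actions(entries, retr_symlinks=False))
    print("retr-symlinks on: ", plan_local_actions(entries, retr_symlinks=True))
```

Running it against the sample shows `pub` flagged as a conflict, a `create_symlink pub -> /` followed by `recurse_into pub` when symlinks are not retrieved, and only file retrievals when they are. The check in `conflicting_symlinks` is the kind of server-input validation a client can apply before touching the local filesystem; turning on `retr-symlinks` removes the local symlink creation altogether, which is why it was the recommended workaround before upgrading.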
Vulnerable Product |
---|
gnu wget |
gnu wget 1.12 |
gnu wget 1.13 |
gnu wget 1.13.1 |
gnu wget 1.13.2 |
gnu wget 1.13.3 |
gnu wget 1.13.4 |
gnu wget 1.14 |
Linux bods thankful, Apple a stone-cold boilerplate
The maintainer of the tnftp FTP client has patched a remote code execution vulnerability which affected operating systems including NetBSD, FreeBSD and Mac OS X. The flaw (CVE-2014-8517), which did not affect OpenBSD due to modifications, was patched over the weekend. Maintainer Luke Mewburn notified NetBSD (which ships tnftp) of the patch in a mailing list post after warning subscribers about the hole last week. NetBSD security bod Alistair Crook forewarned FreeBSD and Dragonfly, and received a...
Directory overwrite bug threatens all *nix boxen
Sysadmins: another venerable and nearly-ubiquitous *nix tool, wget, needs patching because of a bug first reported by HD Moore. As the Red Hat Bugzilla report describes, the bug was a beauty: a recursive directory fetch over FTP would let an attacker “create arbitrary files, directories or symbolic links” due to a symlink flaw. A malicious FTP server would be able to do pretty much anything it wanted to an unsuspecting wget user – as Moore put it, it could “overwrite your entire filesyst...