GNU Wget Symlink Vulnerability

 

Systems Affected


GNU Wget prior to 1.16

Threat Level


High


Overview


A vulnerability has been reported in GNU Wget that could allow a remote attacker to overwrite files with the permissions of the user running wget.


Description


This vulnerability exists in the FTP Handler component of GNU Wget.

A remote, unauthenticated attacker could create a specially crafted directory that, when recursively retrieved via FTP, will create arbitrary files, directories, or symbolic links on the target user's system with the permissions of the user running wget.


Impact



Solution/Workarounds


Update to wget 1.16
http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html

A source code fix is also available
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
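
The following is an added example, not part of the advisory or of the Wget project's code: a Python check that flags a Wget release older than 1.16 from its version banner and audits a recursively downloaded tree for symbolic links that resolve outside the download directory. The banner format, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

FIXED = (1, 16)  # first fixed release according to the advisory


def wget_is_affected(version_banner):
    """True if the first line of `wget --version` reports a release before 1.16."""
    m = re.search(r"GNU Wget (\d+)\.(\d+)", version_banner)
    if not m:
        raise ValueError("not a GNU Wget version banner")
    # Compare numerically: as strings, "1.9" would sort after "1.16".
    return (int(m.group(1)), int(m.group(2))) < FIXED


def escaping_symlinks(root):
    """Return (link, target) pairs for symlinks under root that resolve outside it."""
    root_real = os.path.realpath(root)
    found = []
    # followlinks=False: list symlinked directories but never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                found.append((os.path.relpath(path, root), os.readlink(path)))
    return sorted(found)


def build_sample_mirror():
    """Constructed sample: a mirror tree with one internal and one escaping symlink."""
    root = tempfile.mkdtemp(prefix="mirror-")
    os.makedirs(os.path.join(root, "pub", "docs"))
    with open(os.path.join(root, "pub", "docs", "readme.txt"), "w") as fh:
        fh.write("sample\n")
    os.symlink("docs/readme.txt", os.path.join(root, "pub", "latest.txt"))  # stays inside
    os.symlink("/etc", os.path.join(root, "pub", "conf"))  # points outside the tree
    return root


if __name__ == "__main__":
    print(wget_is_affected("GNU Wget 1.15 built on linux-gnu."))
    for link, target in escaping_symlinks(build_sample_mirror()):
        print(f"{link} -> {target}")
```
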


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.