CVE-2014-4877 symlink arbitrary filesystem access

Bug #1386711 reported by Tod Beardsley
This bug affects 3 people
Affects: wget (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: none

Bug Description

wget prior to 1.16 allows for a web server to write arbitrary files on the client side. A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

The disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Red Hat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181

Vulnerable on:

Description: Ubuntu 13.10
Release: 13.10

Package version:

wget:
  Installed: 1.14-2ubuntu1
  Candidate: 1.14-2ubuntu1
  Version table:
 *** 1.14-2ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
        100 /var/lib/dpkg/status

CVE References

CVE-2014-4877
Tod Beardsley (todb-0)
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in wget (Ubuntu):
status: New → Confirmed
Seth Arnold (seth-arnold) wrote :
Changed in wget (Ubuntu):
status: Confirmed → Fix Released