CVE-2014-4877 symlink arbitrary filesystem access
Bug #1386711 reported by Tod Beardsley
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
wget (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
wget prior to 1.16 allows for a web server to write arbitrary files on the client side. A Metasploit module is available for testing:
https:/
The disclosure is here:
Red Hat's bug is here:
https:/
Vulnerable on:
Description: Ubuntu 13.10
Release: 13.10
Package version:
wget:
Installed: 1.14-2ubuntu1
Candidate: 1.14-2ubuntu1
Version table:
*** 1.14-2ubuntu1 0
500 http://
100 /var/lib/
CVE References
Information type: Private Security → Public Security
Status changed to 'Confirmed' because the bug affects multiple users.