CVE-2014-4877 symlink arbitrary filesystem access

Bug #1386711 reported by Tod Beardsley on 2014-10-28
This bug affects 3 people
Affects          Status         Importance   Assigned to   Milestone
wget (Ubuntu)    Fix Released   Undecided    Unassigned

Bug Description

wget prior to 1.16 allows for a web server to write arbitrary files on the client side. A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

The disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Red Hat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181

Vulnerable on:

Description: Ubuntu 13.10
Release: 13.10

Package version:

wget:
  Installed: 1.14-2ubuntu1
  Candidate: 1.14-2ubuntu1
  Version table:
 *** 1.14-2ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
        100 /var/lib/dpkg/status
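
What the report above means in practice, as an added simulation that is not wget's code, the Metasploit module, or anything from the linked advisories: a recursive FTP client mirrors a LIST response in which a symlink entry with an absolute target is followed by a directory entry of the same name. The vulnerable client reproduces the symlink, then descends into "the directory" and writes its files through the link, outside the download root; the fixed client never creates a symlink from a listing (wget 1.16 made `retr-symlinks=on` the default). The `mirror` function, the `pub`/`evil.sh` names, the LIST lines and the "victim-home" directory are all constructed here; the `wget_is_fixed` helper is an assumed version check on the first line of `wget --version`.

```python
"""Simulation of the CVE-2014-4877 write primitive (added example, not wget code).

The server's LIST response carries a symlink entry whose target is an absolute
path, then a directory entry with the SAME name. A recursive client that
reproduces the symlink and then descends into "the directory" writes the
directory's files through the link, outside its download root. A client that
never creates symlinks from listings (wget 1.16's retr-symlinks=on default)
keeps every write under the root.
"""
import os
import re
import shutil
import tempfile

# One UNIX-style LIST line: type char, perms, links, owner, group, size,
# month, day, time-or-year, name, optional " -> target".
LIST_RE = re.compile(
    r"^([ld-])\S+\s+\d+\s+\S+\s+\S+\s+\d+\s+\S+\s+\d+\s+\S+\s+(.+?)(?:\s->\s(.+))?$"
)
KINDS = {"l": "symlink", "d": "dir", "-": "file"}


def parse_listing(text):
    """Parse LIST output into (kind, name, link_target) tuples."""
    entries = []
    for line in text.splitlines():
        m = LIST_RE.match(line)
        if m:
            kind, name, target = m.groups()
            entries.append((KINDS[kind], name, target))
    return entries


def malicious_listing(target_dir):
    """Constructed LIST response: symlink 'pub' -> victim dir, then dir 'pub'."""
    return (
        f"lrwxrwxrwx 1 ftp ftp   {len(target_dir)} Oct 28 00:00 pub -> {target_dir}\n"
        "drwxr-xr-x 2 ftp ftp 4096 Oct 28 00:00 pub\n"
    )


# Constructed contents of the server's 'pub' directory (the payload).
REMOTE_FILES = {"pub": {"evil.sh": b"#!/bin/sh\necho pwned\n"}}


def mirror(listing, remote_files, root, retr_symlinks):
    """Mirror one directory level like a naive recursive FTP client.

    Stand-in for wget's recursive retrieval, not its code. Returns the real
    paths of every file written.
    """
    written = []
    for kind, name, target in parse_listing(listing):
        local = os.path.join(root, name)
        if kind == "symlink":
            if retr_symlinks:
                # Fixed behaviour: the link is RETRed as an ordinary file and no
                # local symlink is created. The fake server has no body for it.
                continue
            # Vulnerable behaviour (wget < 1.16 default): reproduce the
            # server-supplied link verbatim, absolute target included.
            if not os.path.lexists(local):
                os.symlink(target, local)
        elif kind == "dir":
            # If 'local' is already a symlink to a directory, this follows it.
            os.makedirs(local, exist_ok=True)
            for fname, data in remote_files.get(name, {}).items():
                path = os.path.join(local, fname)
                with open(path, "wb") as fh:
                    fh.write(data)
                written.append(os.path.realpath(path))
    return written


def run_demo(retr_symlinks):
    """Run the mirror in a scratch tree; return (written, escaped) real paths."""
    base = tempfile.mkdtemp(prefix="cve-2014-4877-")
    try:
        victim = os.path.join(base, "victim-home")  # stands in for the user's home
        root = os.path.join(base, "download")       # wget's working directory
        os.makedirs(victim)
        os.makedirs(root)
        written = mirror(malicious_listing(victim), REMOTE_FILES, root, retr_symlinks)
        prefix = os.path.realpath(root) + os.sep
        escaped = [p for p in written if not p.startswith(prefix)]
        return written, escaped
    finally:
        shutil.rmtree(base)


def wget_is_fixed(version_line):
    """True if the first line of 'wget --version' reports upstream 1.16 or later.

    Caveat: distributions backport fixes without bumping this number, so also
    check the package changelog or security advisory.
    """
    m = re.search(r"GNU Wget (\d+)\.(\d+)", version_line)
    if not m:
        raise ValueError("unrecognised version line: %r" % version_line)
    return (int(m.group(1)), int(m.group(2))) >= (1, 16)


if __name__ == "__main__":
    for flag in (False, True):
        written, escaped = run_demo(retr_symlinks=flag)
        print(f"retr_symlinks={flag}: wrote {written}; outside root: {escaped}")
    print("1.14 fixed?", wget_is_fixed("GNU Wget 1.14 built on linux-gnu."))
```

With `retr_symlinks=False` the only file written resolves to `victim-home/evil.sh`, i.e. outside the download directory; with `retr_symlinks=True` it lands under `download/pub/`. For a wget older than 1.16 that cannot be upgraded, the same effect is obtained by passing `--retr-symlinks` or putting `retr-symlinks = on` in `~/.wgetrc`, which is the mitigation the Rapid7 advisory recommended.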

Tod Beardsley (todb-0) on 2014-10-28
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in wget (Ubuntu):
status: New → Confirmed
Seth Arnold (seth-arnold) wrote :
Changed in wget (Ubuntu):
status: Confirmed → Fix Released