LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

wget: denial of service

Package(s):wget CVE #(s):CVE-2006-6719
Created:January 11, 2007 Updated:January 23, 2007
Description: The wget http file retriever application has a problem with the ftp_syst function in ftp-basic.c. A malicious FTP server which sends a large number of blank 220 responses to the SYST command can cause wget to crash, resulting in a denial of service.
Alerts:
rPath rPSA-2007-0011-1 2007-01-23
Mandriva MDKSA-2007:017 2006-01-15
Fedora FEDORA-2007-043 2007-01-10
Fedora FEDORA-2007-037 2007-01-10
(Log in to post comments)

wget: denial of service

Posted Jan 25, 2007 17:11 UTC (Thu) by freemars (subscriber, #4235) [Link]

A friend (and maintainer of the VMS version of wget) reports 'it was any 2xx response with no additional data, not only 220, and one will do, no need for "a large number".'

wget: denial of service

Posted Feb 10, 2007 15:32 UTC (Sat) by kreutzm (subscriber, #4700) [Link]

Looks like this DoS does not require a DSA.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds