User: Password:
|
|
Subscribe / Log in / New account

wget: file overwrites and arbitrary code execution

Package(s):wget CVE #(s):CAN-2004-1487 CAN-2004-1488
Created:June 9, 2005 Updated:September 27, 2005
Description: wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

Alerts:
Red Hat RHSA-2005:771-01 wget 2005-09-27
Ubuntu USN-145-2 wget 2005-09-06
Ubuntu USN-145-1 wget 2005-06-28
Mandriva MDKSA-2005:098 wget 2005-06-09

(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds