
wget: denial of service

Package(s): wget
CVE #(s): CVE-2006-6719
Created: January 11, 2007
Updated: January 23, 2007
Description: The wget HTTP file retriever application has a problem in the ftp_syst function in ftp-basic.c. A malicious FTP server which sends a large number of blank 220 responses to the SYST command can cause wget to crash, resulting in a denial of service.
Alerts:
rPath rPSA-2007-0011-1 wget 2007-01-23
Mandriva MDKSA-2007:017 wget 2006-01-15
Fedora FEDORA-2007-043 wget 2007-01-10
Fedora FEDORA-2007-037 wget 2007-01-10
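
The failure mode in the description, as an added example that is not wget's code and not part of the original advisory: a SYST reply parser in C that treats a 2xx status with no data after it as an unknown system type instead of reading a token that is not there. The function and enum names are hypothetical, and it is an assumption that the crash comes from using a missing system-type word.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result values for this example (not wget's own enum). */
enum syst_type { SYST_INVALID = -1, SYST_OTHER, SYST_UNIX, SYST_VMS, SYST_WINNT };

/* Case-insensitive match of the token [tok, tok+len) against an upper-case name. */
static int word_is(const char *tok, size_t len, const char *name)
{
    if (strlen(name) != len)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (toupper((unsigned char)tok[i]) != name[i])
            return 0;
    return 1;
}

/* Parse one single-line reply to SYST, e.g. "215 UNIX Type: L8".
 * Non-2xx or malformed status -> SYST_INVALID.
 * 2xx with nothing after the code (the blank reply case) -> SYST_OTHER. */
enum syst_type parse_syst_reply(const char *line)
{
    if (line == NULL || line[0] != '2' ||
        !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]))
        return SYST_INVALID;

    const char *p = line + 3;
    if (*p != '\0' && !isspace((unsigned char)*p))
        return SYST_INVALID;          /* "2150", or "215-" multi-line: out of scope here */

    p += strspn(p, " \t\r\n");        /* skip separators after the status code */
    size_t len = strcspn(p, " \t\r\n");
    if (len == 0)                     /* blank reply: there is no word to compare */
        return SYST_OTHER;

    if (word_is(p, len, "UNIX"))       return SYST_UNIX;
    if (word_is(p, len, "VMS"))        return SYST_VMS;
    if (word_is(p, len, "WINDOWS_NT")) return SYST_WINNT;
    return SYST_OTHER;
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    const char *samples[] = { "215 UNIX Type: L8\r\n", "220\r\n", "220 \r\n", "500 no\r\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", (int)parse_syst_reply(samples[i]));
    return 0;
}
```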


wget: denial of service

Posted Jan 25, 2007 17:11 UTC (Thu) by freemars (subscriber, #4235) [Link]

A friend (and maintainer of the VMS version of wget) reports 'it was any 2xx response with no additional data, not only 220, and one will do, no need for "a large number".'

wget: denial of service

Posted Feb 10, 2007 15:32 UTC (Sat) by kreutzm (guest, #4700) [Link]

Looks like this DoS does not require a DSA.

