wget is vulnerable to remote code execution (RCE). An absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
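The condition described above can be checked for in a recorded FTP directory listing. The following is an added example, not code from Wget or from any of the referenced advisories; it assumes Unix `ls -l` style LIST output, and the function names and the sample listing are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of a Unix-style FTP LIST response (not captured traffic).
SAMPLE_LISTING = """\
drwxr-xr-x   2 ftp ftp 4096 Oct 27  2014 pub
lrwxrwxrwx   1 ftp ftp   19 Oct 27  2014 mirror -> /constructed/target
drwxr-xr-x   2 ftp ftp 4096 Oct 27  2014 mirror
-rw-r--r--   1 ftp ftp  120 Oct 27  2014 README
lrwxrwxrwx   1 ftp ftp   10 Oct 27  2014 latest -> pub/v1.tar
"""

def parse_list_line(line):
    """Return (type_char, name, link_target) for one ls -l style line, or None."""
    fields = line.split(None, 8)  # the ninth field keeps spaces inside the name
    if len(fields) < 9 or fields[0][0] not in "-dlbcps":
        return None  # "total N" lines, blank lines, non-Unix listing formats
    kind, name, target = fields[0][0], fields[8], None
    if kind == "l" and " -> " in name:
        name, target = name.split(" -> ", 1)
    return kind, name, target

def find_symlink_collisions(listing):
    """Report names listed more than once where at least one entry is a symlink."""
    seen = defaultdict(list)
    for line in listing.splitlines():
        entry = parse_list_line(line)
        if entry:
            kind, name, target = entry
            seen[name].append((kind, target))
    findings = []
    for name, entries in seen.items():
        kinds = {k for k, _ in entries}
        if len(entries) > 1 and "l" in kinds:
            targets = [t for k, t in entries if k == "l"]
            findings.append({"name": name, "types": sorted(kinds),
                             "link_targets": targets})
    return findings

if __name__ == "__main__":
    for finding in find_symlink_collisions(SAMPLE_LISTING):
        print("suspicious duplicate entry:", finding)
```

A single symlink entry such as `latest` is not reported; only a name that repeats with a symlink among its entries is.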
CPE

Name | Operator | Version
---|---|---
wget | eq | 1.12__1.4.el6
wget | eq | 1.12__1.8.el6
wget | eq | 1.12__1.12.el6_5
wget | eq | 1.12__1.11.el6_5
advisories.mageia.org/MGASA-2014-0431.html
git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0
lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html
lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
rhn.redhat.com/errata/RHSA-2014-1764.html
rhn.redhat.com/errata/RHSA-2014-1955.html
security.gentoo.org/glsa/glsa-201411-05.xml
www.debian.org/security/2014/dsa-3062
www.kb.cert.org/vuls/id/685996
www.mandriva.com/security/advisories?name=MDVSA-2015:121
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
www.securityfocus.com/bid/70751
www.ubuntu.com/usn/USN-2393-1
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1139181
community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
github.com/rapid7/metasploit-framework/pull/4088
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
kc.mcafee.com/corporate/index?page=content&id=SB10106