PT-2014-1930 · Gnu+5 · Gnu Wget+5

Hdm

Publicado

2014-10-28

Atualizado

2024-06-15

CVE-2014-4877

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.16

Description The issue allows remote FTP servers to write to arbitrary files and execute arbitrary code when recursion is enabled, through a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For GNU Wget versions prior to 1.16, consider disabling recursion to minimize the risk of exploitation until a patch is available. Restrict access to arbitrary files to prevent potential code execution.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

ALT-PU-2014-2303

ALT-PU-2015-1257

BDU:2015-09791

CESA-2014_1764

CVE-2014-4877

DLA-82-1

DSA-3062-1

MGASA-2014-0431

OPENSUSE-SU-2024:10263-1

RHSA-2014:1764

RHSA-2014:1955

RHSA-2014_1764

SUSE-SU-2014_1366-1

SUSE-SU-2014_1366-2

SUSE-SU-2014_1408-1

SUSE-SU-2014_1464-1

USN-2393-1

Produtos afetados

Alt Linux

Centos

Gnu Wget

Red Hat

Suse

Ubuntu

PT-2014-1930 · Gnu+5 · Gnu Wget+5

CVE-2014-4877

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 43