CVE-2010-2252

Name of the Vulnerable Software and Affected Versions GNU Wget versions 1.12 and earlier wget versions prior to 1.12-r2

Description The issue allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename. This could possibly lead to the execution of arbitrary code as a consequence of writing to a dotfile in a home directory. Exploitation of this issue may lead to a breach of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations For GNU Wget versions 1.12 and earlier, update to a version later than 1.12 to resolve the issue. For wget versions prior to 1.12-r2, update to version 1.12-r2 or later to fix the problem. As a temporary workaround, consider disabling the use of server-provided filenames for determining the destination filename of a download until a patch is available.