CVE-2014-4877: Wget FTP Symlink Attack Vulnerability | The Hacker News


The open-source Wget application which is most widely used on Linux and Unix systems for retrieving files from the web has found vulnerable to a critical flaw.


GNU Wget is a command-line utility designed to retrieve files from the Web using HTTP, HTTPS, and FTP, the most widely used Internet protocols. Wget can be easily installed on any Unix-like system and has been ported to many environments, including Microsoft Windows, Mac OS X, OpenVMS, MorphOS and AmigaOS.


When a recursive directory fetch over FTP server as the target, it would let an attacker „create arbitrary files, directories or symbolic links“ due to a symlink flaw.


Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.