CVE-2014-4877: Wget FTP Symlink Attack Vulnerability | The Hacker News

 

The open-source Wget application, which is most widely used on Linux and Unix systems for retrieving files from the web, has been found vulnerable to a critical flaw.

 

GNU Wget is a command-line utility designed to retrieve files from the Web using HTTP, HTTPS, and FTP, the most widely used Internet protocols. Wget can be easily installed on any Unix-like system and has been ported to many environments, including Microsoft Windows, Mac OS X, OpenVMS, MorphOS and AmigaOS.

 

When Wget performs a recursive directory fetch with an FTP server as the target, a symlink flaw would let an attacker "create arbitrary files, directories or symbolic links".
