[arch-security] [ASA-201606-19] wget: arbitrary file overwrite
Arch Linux Security Advisory ASA-201606-19
==========================================

Severity: High
Date    : 2016-06-20
CVE-ID  : CVE-2016-4971
Package : wget
Type    : arbitrary file overwrite
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package wget before version 1.18-1 is vulnerable to arbitrary file
overwrite that could lead to potential code execution.

Resolution
==========

Upgrade to 1.18-1.

# pacman -Syu "wget>=1.18-1"

The problem has been fixed upstream in version 1.18.

Workaround
==========

None.

Description
===========

GNU Wget, when supplied with a malicious website link, can be tricked into
saving an arbitrary remote file supplied by an attacker, with arbitrary
content and filename, under the current directory. The trick is an HTTP
redirect to an FTP URL: wget derives the local file name from the FTP URL it
was redirected to instead of from the URL the user supplied, even when
--trust-server-names is not given. This can lead to potential code execution
by creating shell start-up scripts (such as .bash_profile and others) within
the home directory, as well as other unauthorized actions (such as request
sniffing by proxy modification, or arbitrary system file retrieval) by
uploading a .wgetrc configuration file. Because of this vulnerability, an
attacker is able to overwrite an arbitrary file in the victim's current
directory.

Impact
======

A remote attacker is able to overwrite an arbitrary file in the victim's
current directory, which could potentially lead to code execution by creating
system scripts that are executed.

References
==========

https://access.redhat.com/security/cve/CVE-2016-4971
https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html
https://bugs.archlinux.org/task/49730
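The following is an added example, not code from wget or from Arch Linux. It is a simplified Python model of the one decision the CVE turns on: which URL wget takes the local file name from after a redirect. Before 1.18 an HTTP-to-HTTP redirect already kept the name from the original URL unless --trust-server-names was set, but the FTP retrieval path named the file after the final FTP URL; 1.18 uses the original URL's name for that case too. The host names are constructed sample input and the helper names are the author's own.

```python
"""Model of how wget picks the local file name for a redirected download.

Added example; NOT wget's own code. The rule modelled is the one behind
CVE-2016-4971: wget < 1.18 named the saved file after the FTP URL it was
redirected to (attacker-chosen), while wget >= 1.18 keeps the name from
the URL the user typed unless --trust-server-names is given.
All URLs below are constructed sample input; the hosts do not exist.
"""
from urllib.parse import urlsplit
import posixpath


def local_name_from_url(url: str) -> str:
    """Basename of the URL path, or index.html when the path has no name."""
    name = posixpath.basename(urlsplit(url).path)
    return name or "index.html"


def vulnerable_local_name(original_url, redirect_chain, trust_server_names=False):
    """Name selection as in wget < 1.18 (simplified model).

    HTTP->HTTP redirects kept the original name unless the user opted into
    --trust-server-names, but a redirect ending at an FTP URL took the name
    from that FTP URL regardless. That is the bug."""
    final = redirect_chain[-1] if redirect_chain else original_url
    if trust_server_names or urlsplit(final).scheme == "ftp":
        return local_name_from_url(final)
    return local_name_from_url(original_url)


def fixed_local_name(original_url, redirect_chain, trust_server_names=False):
    """Name selection as in wget >= 1.18 (simplified model): the name comes
    from the user-supplied URL unless --trust-server-names is given."""
    final = redirect_chain[-1] if redirect_chain else original_url
    if trust_server_names:
        return local_name_from_url(final)
    return local_name_from_url(original_url)


def is_dotfile_in_cwd(name: str) -> bool:
    """A name such as .bash_profile or .wgetrc landing in the current
    directory is what turns the bug into code execution or config hijack."""
    return name.startswith(".") and "/" not in name


def attack_scenario():
    """Constructed scenario: the victim fetches a benign-looking URL and the
    server answers with a 302 to an FTP URL whose path is a shell dotfile."""
    victim_url = "http://files.example.test/reports/q2.pdf"   # constructed
    redirects = ["ftp://attacker.example.test/.bash_profile"]  # constructed
    return {
        "vulnerable": vulnerable_local_name(victim_url, redirects),
        "fixed": fixed_local_name(victim_url, redirects),
        "fixed_trusting": fixed_local_name(victim_url, redirects,
                                           trust_server_names=True),
    }


if __name__ == "__main__":
    for label, name in attack_scenario().items():
        flag = "DANGEROUS" if is_dotfile_in_cwd(name) else "ok"
        print(f"{label:16} -> {name} ({flag})")
```

Running the scenario shows the patched rule saving q2.pdf where the old rule would have written .bash_profile into the current directory; the same dotfile still lands there on 1.18 if the user explicitly passes --trust-server-names, which is why that option should stay off when fetching from untrusted sites.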
participants (1)
-
Levente Polyak