[arch-security] [ASA-201606-19] wget: arbitrary file overwrite
Levente Polyak
anthraxx at archlinux.org
Mon Jun 20 11:01:11 UTC 2016
Arch Linux Security Advisory ASA-201606-19
==========================================
Severity: High
Date : 2016-06-20
CVE-ID : CVE-2016-4971
Package : wget
Type : arbitrary file overwrite
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package wget before version 1.18-1 is vulnerable to arbitrary file
overwrite that could lead to potential code execution.
Resolution
==========
Upgrade to 1.18-1.
# pacman -Syu "wget>=1.18-1"
The problem has been fixed upstream in version 1.18.
Workaround
==========
None.
Description
===========
GNU Wget when supplied with a malicious website link can be tricked
into saving an arbitrary remote file supplied by an attacker, with
arbitrary content and filename under the current directory. This can
lead to potential code execution by creating system scripts (such as
.bash_profile and others) within home directory as well as other
unauthorized actions (such as request sniffing by proxy modification,
or arbitrary system file retrieval) by uploading .wgetrc configuration
file.
Because of this vulnerability, an attacker is able to overwrite an
arbitrary file in the victim's current directory.
Impact
======
A remote attacker is able to overwrite an arbitrary file in the
victim's current directory that could potentially lead to code
execution by creating system scripts that are executed.
References
==========
https://access.redhat.com/security/cve/CVE-2016-4971
https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html
https://bugs.archlinux.org/task/49730
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160620/a872dba2/attachment.asc>
More information about the arch-security
mailing list