CVE-2004-2014 - Unspecified vulnerability in GNU Wget
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Exploit-Db
description | WGet 1.x Insecure File Creation Race Condition Vulnerability. CVE-2004-2014. Local exploit for linux platform |
id | EDB-ID:24123 |
last seen | 2016-02-02 |
modified | 2004-05-17 |
published | 2004-05-17 |
reporter | Hugo Vazquez |
source | https://www.exploit-db.com/download/24123/ |
title | WGet 1.x Insecure File Creation Race Condition Vulnerability |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2005-204.NASL |
description | Hugo Vazquez Carames discovered a race condition when writing output files in wget. After wget determined the output file name, but before the file was actually opened, a local attacker with write permissions to the download directory could create a symbolic link with the name of the output file. This could be exploited to overwrite arbitrary files with the permissions of the user invoking wget. The time window of opportunity for the attacker is determined solely by the delay of the first received data packet. The updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20128 |
published | 2005-11-02 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20128 |
title | Mandrake Linux Security Advisory : wget (MDKSA-2005:204) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:204.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(20128);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2004-2014");
  script_xref(name:"MDKSA", value:"2005:204");

  script_name(english:"Mandrake Linux Security Advisory : wget (MDKSA-2005:204)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Hugo Vazquez Carames discovered a race condition when writing output files in wget. After wget determined the output file name, but before the file was actually opened, a local attacker with write permissions to the download directory could create a symbolic link with the name of the output file. This could be exploited to overwrite arbitrary files with the permissions of the user invoking wget. The time window of opportunity for the attacker is determined solely by the delay of the first received data packet. The updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected wget package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wget");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK10.1", reference:"wget-1.9.1-4.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"wget-1.9.1-5.2.102mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2005-771.NASL |
description | Updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. A bug was found in the way wget writes files to the local disk. If a malicious local user has write access to the directory wget is saving a file into, it is possible to overwrite files that the user running wget has write access to. (CVE-2004-2014) A bug was found in the way wget filters redirection URLs. It is possible for a malicious Web server to overwrite files the user running wget has write access to. Note: in order for this attack to succeed the local DNS would need to resolve |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21857 |
published | 2006-07-03 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21857 |
title | CentOS 3 / 4 : wget (CESA-2005:771) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:771 and
# CentOS Errata and Security Advisory 2005:771 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21857);
  script_version("1.20");
  script_cvs_date("Date: 2019/10/25 13:36:02");

  script_cve_id("CVE-2004-1487", "CVE-2004-1488", "CVE-2004-2014");
  script_bugtraq_id(11871);
  script_xref(name:"RHSA", value:"2005:771");

  script_name(english:"CentOS 3 / 4 : wget (CESA-2005:771)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. A bug was found in the way wget writes files to the local disk. If a malicious local user has write access to the directory wget is saving a file into, it is possible to overwrite files that the user running wget has write access to. (CVE-2004-2014) A bug was found in the way wget filters redirection URLs. It is possible for a malicious Web server to overwrite files the user running wget has write access to. Note: in order for this attack to succeed the local DNS would need to resolve '..' to an IP address, which is an unlikely situation. (CVE-2004-1487) A bug was found in the way wget displays HTTP response codes. It is possible that a malicious web server could inject a specially crafted terminal escape sequence capable of misleading the user running wget. (CVE-2004-1488) Users should upgrade to this updated package, which contains a version of wget that is not vulnerable to these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-September/012199.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d3403b4c"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-September/012200.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8e946d9c"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-September/012201.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7ebbebc0"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-September/012203.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7d04bb8b"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-September/012209.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?696339ad"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-September/012210.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b89d5424"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected wget package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wget");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-3", reference:"wget-1.10.1-1.30E.1")) flag++;
if (rpm_check(release:"CentOS-4", reference:"wget-1.10.1-2.4E.1")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wget");
}
```
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-145-1.NASL |
description | Jan Minar discovered a path traversal vulnerability in wget. If the name |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20538 |
published | 2006-01-15 |
reporter | Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20538 |
title | Ubuntu 4.10 / 5.04 : wget vulnerabilities (USN-145-1) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-145-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20538);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:33:00");

  script_cve_id("CVE-2004-1487", "CVE-2004-1488", "CVE-2004-2014");
  script_xref(name:"USN", value:"145-1");

  script_name(english:"Ubuntu 4.10 / 5.04 : wget vulnerabilities (USN-145-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Jan Minar discovered a path traversal vulnerability in wget. If the name '..' was a valid host name (which can be achieved with a malicious or poisoned domain name server), it was possible to trick wget into creating downloaded files into arbitrary locations with arbitrary names. For example, wget could silently overwrite the users ~/.bashrc and other configuration files which are executed automatically. (CAN-2004-1487) Jan Minar also discovered that wget printed HTTP response strings from the server to the terminal without any filtering. Malicious HTTP servers could exploit this to send arbitrary terminal sequences and strings which would then be executed and printed to the console. This could potentially lead to arbitrary code execution with the privileges of the user invoking wget. (CAN-2004-1488) Hugo Vazquez Carames discovered a race condition when writing output files. After wget determined the output file name, but before the file was actually opened (the time window is determined by the delay of the first received data packet), a local attacker with with write permission to the download directory could create a symbolic link with the name of the output file. This could be exploited to overwrite arbitrary files with the permissions of the user invoking wget. (CAN-2004-2014). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected wget package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:wget");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/06/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;
if (ubuntu_check(osver:"4.10", pkgname:"wget", pkgver:"1.9.1-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"wget", pkgver:"1.9.1-10ubuntu2.1")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wget");
}
```
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2005-771.NASL |
description | Updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. A bug was found in the way wget writes files to the local disk. If a malicious local user has write access to the directory wget is saving a file into, it is possible to overwrite files that the user running wget has write access to. (CVE-2004-2014) A bug was found in the way wget filters redirection URLs. It is possible for a malicious Web server to overwrite files the user running wget has write access to. Note: in order for this attack to succeed the local DNS would need to resolve |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19833 |
published | 2005-10-05 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/19833 |
title | RHEL 2.1 / 3 / 4 : wget (RHSA-2005:771) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:771. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(19833);
  script_version ("1.24");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2004-1487", "CVE-2004-1488", "CVE-2004-2014");
  script_bugtraq_id(11871);
  script_xref(name:"RHSA", value:"2005:771");

  script_name(english:"RHEL 2.1 / 3 / 4 : wget (RHSA-2005:771)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. A bug was found in the way wget writes files to the local disk. If a malicious local user has write access to the directory wget is saving a file into, it is possible to overwrite files that the user running wget has write access to. (CVE-2004-2014) A bug was found in the way wget filters redirection URLs. It is possible for a malicious Web server to overwrite files the user running wget has write access to. Note: in order for this attack to succeed the local DNS would need to resolve '..' to an IP address, which is an unlikely situation. (CVE-2004-1487) A bug was found in the way wget displays HTTP response codes. It is possible that a malicious web server could inject a specially crafted terminal escape sequence capable of misleading the user running wget. (CVE-2004-1488) Users should upgrade to this updated package, which contains a version of wget that is not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1487"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-1488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-2014"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:771"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected wget package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wget");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2005:771";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"wget-1.10.1-0.AS21")) flag++;
  if (rpm_check(release:"RHEL3", reference:"wget-1.10.1-1.30E.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"wget-1.10.1-2.4E.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wget");
  }
}
```
Oval
accepted | 2013-04-29T04:22:35.984-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. |
family | unix |
id | oval:org.mitre.oval:def:9830 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. |
version | 26 |
Redhat
advisories |
rpms |
References
- http://marc.info/?l=bugtraq&m=108481268725276&w=2
- http://marc.info/?l=wget&m=108482747906833&w=2
- http://marc.info/?l=wget&m=108483270227139&w=2
- http://secunia.com/advisories/17399
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:204
- http://www.redhat.com/support/errata/RHSA-2005-771.html
- http://www.securityfocus.com/bid/10361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16167
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9830
- https://usn.ubuntu.com/145-1/