Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
FTP:SYMLINKS-WGET-INPT-VALID |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
GNU wget FTP Remote File Creation |
Release Date |
2014/11/10 |
Update Number |
2439 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
FTP: GNU wget FTP Remote File Creation
Wget is having an input validation error. Upon successful exploitation, arbitrary files, directories or symlinks with attacker-desired permissions are created on the target system.
Extended Description
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Affected Products
- Gnu wget 1.12
- Gnu wget 1.13
- Gnu wget 1.13.1
- Gnu wget 1.13.2
- Gnu wget 1.13.3
- Gnu wget 1.13.4
- Gnu wget 1.14
- Gnu wget 1.15
References
- CVE: CVE-2014-4877