| Short Name | FTP:SYMLINKS-WGET-INPT-VALID |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | FTP |
| Keywords | GNU wget FTP Remote File Creation |
| Release Date | 2014/11/10 |
| Update Number | 2439 |
| Supported Platforms | idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

GNU Wget contains an input validation error. Upon successful exploitation, arbitrary files, directories, or symlinks with attacker-chosen permissions are created on the target system.

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
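
The condition described above (one filename listed twice, once as a symlink) can be checked for in a recorded FTP LIST response. The following is an added example, not the logic of this signature and not code from GNU Wget; the function names, the sample listing and its link target are constructed for illustration, and only Unix-style LIST lines are handled.

```python
from collections import defaultdict

# Constructed sample of a Unix-style FTP LIST response (not captured traffic).
SAMPLE_LIST = (
    "-rw-r--r--   1 ftp ftp      1024 Nov 10  2014 readme.txt\r\n"
    "lrwxrwxrwx   1 ftp ftp         0 Nov 10  2014 pub -> /constructed/target\r\n"
    "drwxr-xr-x   2 ftp ftp      4096 Nov 10  2014 pub\r\n"
    "drwxr-xr-x   2 ftp ftp      4096 Nov 10  2014 docs\r\n"
)


def parse_list_line(line):
    """Return (type_char, name, link_target) for one Unix-style LIST line, or None."""
    # Fields: perms, links, owner, group, size, month, day, year/time, name.
    fields = line.split(None, 8)
    if len(fields) < 9 or fields[0][0] not in "-dl":
        return None
    kind, name, target = fields[0][0], fields[8], None
    if kind == "l" and " -> " in name:
        # Symlink entries carry "name -> target" in the last field.
        name, target = name.split(" -> ", 1)
    return kind, name, target


def duplicate_symlink_names(listing):
    """Map each filename that appears more than once, with at least one
    symlink entry among the duplicates, to its list of (type, target)."""
    seen = defaultdict(list)
    for line in listing.splitlines():
        entry = parse_list_line(line)
        if entry is not None:
            kind, name, target = entry
            seen[name].append((kind, target))
    return {
        name: entries
        for name, entries in seen.items()
        if len(entries) > 1 and any(kind == "l" for kind, _ in entries)
    }


if __name__ == "__main__":
    for name, entries in duplicate_symlink_names(SAMPLE_LIST).items():
        print(f"ALERT: {name!r} listed {len(entries)} times, entries={entries}")
```

A name that appears once as a symlink, or twice without a symlink entry, is not reported; only the combination named in the description is.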