Pipe 2TRV wget prior to 1.16 allows for a web server to write arbitrary files on the client side

wget prior to 1.16 allows for a web server to write arbitrary files on the client side

by
Anonymous Coward
in security on (#2TRV)
wget prior to 1.16 allows for a web server to write arbitrary files on the client side.

A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

the disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Redhat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181

History

2014-10-29 18:28
wget prior to 1.16 allows for a web server to write arbitrary files on the client side
zenbi@pipedot.org
Here's a concern for most of us. Be aware that the popular program wget, in versions prior to 1.16, allows for a webFTP server to write arbitrary files on the client side. Wget is commonly used in shell scripts to get files or web pages from servers for further processing locally. Wget has many other uses as well, and is an important part of much command line sorcery.

A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

the disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Redhat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181
Reply 0 comments