wget prior to 1.16 allows for a web server to write arbitrary files on the client side

by
Anonymous Coward
in security on (#2TRV)
wget prior to 1.16 allows for a web server to write arbitrary files on the client side.

A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

the disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Redhat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181

History


Deprecated: mb_convert_encoding(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in /var/pipedot/include/diff.php on line 25

Deprecated: Creation of dynamic property FineDiff::$granularityStack is deprecated in /var/pipedot/lib/finediff/finediff.php on line 217

Deprecated: Creation of dynamic property FineDiff::$edits is deprecated in /var/pipedot/lib/finediff/finediff.php on line 218

Deprecated: Creation of dynamic property FineDiff::$from_text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 219

Deprecated: Creation of dynamic property FineDiff::$last_edit is deprecated in /var/pipedot/lib/finediff/finediff.php on line 372

Deprecated: Creation of dynamic property FineDiff::$stackpointer is deprecated in /var/pipedot/lib/finediff/finediff.php on line 373

Deprecated: Creation of dynamic property FineDiff::$from_offset is deprecated in /var/pipedot/lib/finediff/finediff.php on line 375

Deprecated: Creation of dynamic property FineDiffReplaceOp::$fromLen is deprecated in /var/pipedot/lib/finediff/finediff.php on line 126

Deprecated: Creation of dynamic property FineDiffReplaceOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 127

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffReplaceOp::$fromLen is deprecated in /var/pipedot/lib/finediff/finediff.php on line 126

Deprecated: Creation of dynamic property FineDiffReplaceOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 127

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffReplaceOp::$fromLen is deprecated in /var/pipedot/lib/finediff/finediff.php on line 126

Deprecated: Creation of dynamic property FineDiffReplaceOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 127

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffReplaceOp::$fromLen is deprecated in /var/pipedot/lib/finediff/finediff.php on line 126

Deprecated: Creation of dynamic property FineDiffReplaceOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 127

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffReplaceOp::$fromLen is deprecated in /var/pipedot/lib/finediff/finediff.php on line 126

Deprecated: Creation of dynamic property FineDiffReplaceOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 127

Deprecated: Creation of dynamic property FineDiffReplaceOp::$fromLen is deprecated in /var/pipedot/lib/finediff/finediff.php on line 126

Deprecated: Creation of dynamic property FineDiffReplaceOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 127

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffInsertOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 104

Deprecated: Creation of dynamic property FineDiffInsertOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 104

Deprecated: Creation of dynamic property FineDiffInsertOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 104

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffInsertOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 104

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffReplaceOp::$fromLen is deprecated in /var/pipedot/lib/finediff/finediff.php on line 126

Deprecated: Creation of dynamic property FineDiffReplaceOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 127

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffInsertOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 104
2014-10-29 18:28
wget prior to 1.16 allows for a web server to write arbitrary files on the client side
zenbi@pipedot.org
Here's a concern for most of us. Be aware that the popular program wget, in versions prior to 1.16, allows for a webFTP server to write arbitrary files on the client side. Wget is commonly used in shell scripts to get files or web pages from servers for further processing locally. Wget has many other uses as well, and is an important part of much command line sorcery.

A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

the disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Redhat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181
Reply 0 comments