Forums

nuke
nuke
Offline
Resolved
0 votes
Here we go again.

""It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov wrote in a Red Hat Bugzilla comment."

https://bugzilla.redhat.com/show_bug.cgi?id=1139181

wget has been fixed with v1.16.

I presume this security patch will flow through soon?
Thursday, October 30 2014, 12:15 AM
Share this post:
Responses (3)
  • Accepted Answer

    Saturday, November 01 2014, 02:07 AM - #Permalink
    Resolved
    0 votes
    Just came across this on a CentOS News Group

    Re: [CentOS-announce] CESA-2014:1764 Moderate CentOS 6 wget Security Update

    On 10/31/2014 06:53 AM, Johnny Hughes wrote:
    >
    > CentOS Errata and Security Advisory 2014:1764 Moderate
    >
    > Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html

    Note to CentOS 5 users. RedHat does not plan to release a fixed wget
    for EL5. You can mitigate this vulnerability by adding the following
    line to the bottom of /etc/wgetrc:
    retr-symlinks=on

    Doing so will basically accomplish exactly the same thing that this
    update does.

    Peter
    The reply is currently minimized Show
  • Accepted Answer

    nuke
    nuke
    Offline
    Friday, October 31 2014, 09:24 PM - #Permalink
    Resolved
    0 votes
    Yes you are right. Only for shell access accounts. But it could really screw up something if you happen to use wget and end up at a vulnerable site.

    "Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. "
    The reply is currently minimized Show
  • Accepted Answer

    Jay Dee
    Jay Dee
    Offline
    Friday, October 31 2014, 07:23 PM - #Permalink
    Resolved
    0 votes
    This really only matters to people who allow local users console access to the system. This cannot be attacked from the outside unless you give everyone shell access.

    Low on the priority list.
    The reply is currently minimized Show
Your Reply