nuke
Here we go again.

"'It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP,' developer Vasyl Kaigorodov wrote in a Red Hat Bugzilla comment."

https://bugzilla.redhat.com/show_bug.cgi?id=1139181

wget has been fixed with v1.16.

I presume this security patch will flow through soon?
Thursday, October 30 2014, 12:15 AM
Responses (3)
  • Accepted Answer

    Jay Dee
    Friday, October 31 2014, 07:23 PM
    This really only matters to people who allow local users console access to the system. This cannot be attacked from the outside unless you give everyone shell access.

    Low on the priority list.
  • nuke
    Friday, October 31 2014, 09:24 PM
    Yes, you are right. Only for shell access accounts. But it could really screw up something if you happen to use wget and end up at a vulnerable site.

    "Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink."
  • Saturday, November 01 2014, 02:07 AM
    Just came across this on a CentOS news group:

    Re: [CentOS-announce] CESA-2014:1764 Moderate CentOS 6 wget Security Update

    On 10/31/2014 06:53 AM, Johnny Hughes wrote:
    >
    > CentOS Errata and Security Advisory 2014:1764 Moderate
    >
    > Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html

    Note to CentOS 5 users. RedHat does not plan to release a fixed wget
    for EL5. You can mitigate this vulnerability by adding the following
    line to the bottom of /etc/wgetrc:
    retr-symlinks=on

    Doing so will basically accomplish exactly the same thing that this
    update does.

    Peter
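The CentOS 5 mitigation quoted above is a one-line change, but checking that it actually took effect is less obvious than a grep: wgetrc command names are case-, dash- and underscore-insensitive, and a later assignment overrides an earlier one. The following is an added example, not code from this thread, CentOS or the wget project; it assumes only POSIX sh, awk and sed, and the /etc/wgetrc path named in the post.

```sh
#!/bin/sh
# Added example (not from this thread or the wget project): audit a host for
# the retr-symlinks mitigation. Assumes only POSIX sh, awk and sed.

# wgetrc command names are case-, dash- and underscore-insensitive and a later
# assignment overrides an earlier one, so a naive grep for "retr-symlinks=on"
# can miss a setting or miss an override. Returns 0 if the effective value of
# retr-symlinks in the file $1 is "on" (symlinks fetched as plain files).
wgetrc_retr_symlinks_on() {
    value=$(awk -F= '
        /^[ \t]*#/ || NF < 2 { next }      # skip comments and non-assignments
        {
            key = tolower($1); gsub(/[-_ \t]/, "", key)
            val = tolower($2); gsub(/[ \t\r]/, "", val)
            if (key == "retrsymlinks") last = val
        }
        END { print last }' "$1")
    [ "$value" = "on" ]
}

# Returns 0 if the first line of `wget --version` ($1) names a release before
# 1.16, the first upstream version with the fix. Distro backports such as the
# CESA-2014:1764 update keep the old version string, so treat this as a hint.
wget_version_before_1_16() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^GNU Wget \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver
    [ "$1" -lt 1 ] || { [ "$1" -eq 1 ] && [ "$2" -lt 16 ]; }
}

# Constructed sample wgetrc: an earlier "off" that is overridden by the
# recommended line appended at the bottom, as the post suggests.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sample wgetrc (constructed for this example)
passive_ftp = on
Retr_Symlinks = off
retr-symlinks=on
EOF

if wgetrc_retr_symlinks_on "$sample"; then
    echo "retr-symlinks is on: FTP symlinks are retrieved as files"
else
    echo "retr-symlinks is not on: add 'retr-symlinks=on' to /etc/wgetrc"
fi
rm -f "$sample"
```

On a real host, run `wget_version_before_1_16 "$(wget --version | head -n 1)" && wgetrc_retr_symlinks_on /etc/wgetrc` to see whether an old binary is covered by the config-side mitigation.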