wget: FTP symlink arbitrary filesystem access (CVE-2014-4877)
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
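The mechanism described above can be checked for on the client side before any file is written. As an added example (not part of the advisory, and not wget's own code), the following parses a Unix-style FTP LIST response and reports any name that is listed both as a symlink and as a regular file, which is the collision the description names; the sample LIST text and the entry names are constructed.

```python
import re
from typing import Dict, List

# Constructed sample LIST response (not from the advisory): "notes" appears
# twice, once as a symlink to an absolute path and once as a regular file.
SAMPLE_LIST = """\
lrwxrwxrwx   1 ftp ftp        11 Nov 26  2014 notes -> /etc/cron.d
-rw-r--r--   1 ftp ftp       128 Nov 26  2014 notes
-rw-r--r--   1 ftp ftp        42 Nov 26  2014 README
"""

# mode, links, owner, group, size, month, day, time-or-year, name [-> target]
_LIST_RE = re.compile(
    r"^(?P<mode>[-dl][rwxsStT-]{9})\s+\d+\s+\S+\s+\S+\s+\d+\s+"
    r"\S+\s+\S+\s+\S+\s+(?P<name>.+?)(?: -> (?P<target>.+))?$"
)


def parse_list(text: str) -> List[Dict[str, str]]:
    """Parse Unix-style LIST lines into dicts with type, name and link target."""
    entries = []
    for line in text.splitlines():
        m = _LIST_RE.match(line.rstrip())
        if not m:
            continue  # skip lines that are not in the ls -l style
        kind = {"l": "symlink", "d": "dir"}.get(m.group("mode")[0], "file")
        entries.append({"type": kind, "name": m.group("name"),
                        "target": m.group("target") or ""})
    return entries


def target_escapes(target: str) -> bool:
    """True if a link target is absolute or climbs out of the download tree."""
    return target.startswith("/") or ".." in target.split("/")


def find_symlink_collisions(text: str) -> List[Dict[str, str]]:
    """Return symlink entries whose name also appears as a non-symlink entry.

    A recursive client that first creates the local symlink and then saves
    the same-named file through it writes at the link target instead.
    """
    entries = parse_list(text)
    plain = {e["name"] for e in entries if e["type"] != "symlink"}
    hits = [e for e in entries if e["type"] == "symlink" and e["name"] in plain]
    for e in hits:
        e["escapes"] = str(target_escapes(e["target"]))
    return hits
```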
References:
http://seclists.org/oss-sec/2014/q4/453
https://bugzilla.redhat.com/show_bug.cgi?id=1139181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877
COMMIT:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
(from redmine: issue id 3571, created on 2014-11-26, closed on 2014-12-08)
- Relations:
  - child #3572 (closed)
  - child #3573 (closed)
  - child #3574 (closed)