[3.7] wget: Cookie injection vulnerability (CVE-2018-0494)
It was found that GNU Wget is susceptible to a malicious web server injecting arbitrary cookies into the cookie jar file.
Normally a website should not be able to set cookies for other domains. Due to insufficient input validation, GNU Wget can be tricked into storing arbitrary cookie values in the cookie jar file, bypassing this security restriction.
An external attacker is able to inject arbitrary cookie values into the cookie jar file, adding new cookie values or replacing existing ones.
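A defensive check for the condition described above, as an added example that is not part of the original issue or of wget: it parses a cookie jar in the tab-separated Netscape format that `wget --save-cookies` writes and flags entries that are malformed or whose domain matches none of the hosts the job was meant to contact. The function names, the host list and the sample jar are constructed for illustration.

```python
from typing import Iterable, List, Tuple

# Constructed sample jar (tab-separated Netscape format); not real data.
SAMPLE_JAR = (
    "# HTTP cookie file.\n"
    "# Edit at your own risk.\n"
    "\n"
    "downloads.example.test\tFALSE\t/\tFALSE\t0\tsession\tabc123\n"
    ".example.test\tTRUE\t/\tFALSE\t1893456000\tlang\ten\n"
    "bank.example.org\tFALSE\t/\tTRUE\t1893456000\tauth\tinjected\n"
    "broken line without tabs\n"
)


def host_matches(host: str, cookie_domain: str) -> bool:
    """True if a cookie scoped to cookie_domain would be sent to host."""
    domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def audit_cookie_jar(text: str, expected_hosts: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, reason, raw_line) for entries that need review."""
    hosts = list(expected_hosts)
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw
        if line.startswith("#HttpOnly_"):
            # Prefix some tools use to mark HttpOnly cookies; still an entry.
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7:
            findings.append((lineno, "malformed entry", raw))
            continue
        # Fields: domain, subdomain flag, path, secure, expiry, name, value.
        domain = fields[0].partition(":")[0]  # drop an optional ":port"
        if not any(host_matches(h, domain) for h in hosts):
            findings.append((lineno, "unexpected domain", raw))
    return findings


if __name__ == "__main__":
    for lineno, reason, raw in audit_cookie_jar(SAMPLE_JAR, ["downloads.example.test"]):
        print(f"line {lineno}: {reason}: {raw!r}")
```

The match is a plain suffix comparison, so a cookie scoped to a bare top-level domain would pass; tighten `host_matches` if that matters for your jobs.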
Fixed In Version:
wget 1.19.5
References:
http://openwall.com/lists/oss-security/2018/05/06/1
https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
Patch:
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
(from redmine: issue id 8869, created on 2018-05-10, closed on 2018-05-15)
- Relations:
- copied_to #8868 (closed)
- parent #8868 (closed)