[Bug-wget] security risk of unexpected download filenames

From: Solar Designer
Subject: [Bug-wget] security risk of unexpected download filenames
Date: Thu, 20 May 2010 08:47:21 +0400
User-agent: Mutt/1.4.2.3i
Giuseppe, Micah, all -

As I hope you're aware, oCERT has published an advisory on a security
issue with lftp, wget, and libwww-perl. lftp and libwww-perl have fixed
the issue. wget didn't.

http://www.ocert.org/advisories/ocert-2010-001.html

Here's a demonstration of an attack on what I think is a typical wget
cron job:

http://www.openwall.com/lists/oss-security/2010/05/18/13

The attack provides a .wgetrc, which enables a second invocation of the
cron job to overwrite a file such as .bash_profile. This is just one
example. Please do not "fix" this by treating ".wgetrc" specially.

Here's an unofficial patch for the issue:

http://www.openwall.com/lists/oss-security/2010/05/17/2

Now that we have a proof-of-concept real-world attack scenario and we
readily have a patch, would you possibly consider fixing this upstream?

Thanks,

Alexander