
[Bug-wget] security risk of unexpected download filenames

From: Solar Designer
Subject: [Bug-wget] security risk of unexpected download filenames
Date: Thu, 20 May 2010 08:47:21 +0400
User-agent: Mutt/

Giuseppe, Micah, all -

As I hope you're aware, oCERT has published an advisory on a security
issue with lftp, wget, and libwww-perl.  lftp and libwww-perl have fixed
the issue.  wget didn't.


Here's a demonstration of an attack on what I think is a typical wget
cron job:


The attack provides a .wgetrc, which enables a second invocation of the
cron job to overwrite a file such as .bash_profile.  This is just one
example.  Please do not "fix" this by treating ".wgetrc" specially.

Here's an unofficial patch for the issue:


Now that we have a proof-of-concept real-world attack scenario and we
readily have a patch, would you possibly consider fixing this upstream?
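The attack described above works because the client lets the server choose the local filename (the last path segment of a redirect target, or a Content-Disposition name) and writes it into the cron job's working directory, where a dotfile such as .wgetrc or .bash_profile is later read by another program. As an added example, not code from the original message or from wget, here is the kind of check a client should apply to any server-suggested name: it refuses leading dots as a class (as the message asks, rather than treating ".wgetrc" specially), path separators, "." and "..", and control bytes, and falls back to the name the user originally asked for. All function and type names, and the sample URLs, are this example's own assumptions.

```c
/*
 * Added example, not wget's own code: validating a server-suggested
 * filename before an HTTP client uses it as the local output name.
 * Names and sample inputs are invented for illustration.
 */
#include <stdio.h>
#include <string.h>

enum fname_verdict {
    FNAME_OK = 0,
    FNAME_EMPTY,         /* nothing usable after the last '/' */
    FNAME_DOT_DIR,       /* "." or ".." */
    FNAME_PATH_SEP,      /* '/' or '\\' present: would escape the output dir */
    FNAME_CONTROL_CHAR,  /* bytes < 0x20 or 0x7f, e.g. CR/LF smuggled into a header */
    FNAME_HIDDEN         /* leading '.', e.g. ".wgetrc" or ".bash_profile" */
};

/* Reject any name that could land outside the output directory or be
 * picked up by a program other than the one the user intended.  Leading
 * dots are refused as a class instead of blacklisting ".wgetrc". */
enum fname_verdict check_server_filename(const char *name)
{
    size_t i;

    if (name == NULL || name[0] == '\0')
        return FNAME_EMPTY;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return FNAME_DOT_DIR;
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == '\\')
            return FNAME_PATH_SEP;
        if (c < 0x20 || c == 0x7f)
            return FNAME_CONTROL_CHAR;
    }
    if (name[0] == '.')
        return FNAME_HIDDEN;
    return FNAME_OK;
}

/* Copy the last path segment of url (before any '?' or '#') into out.
 * Returns the segment length, or 0 if there is none or it does not fit. */
size_t url_last_segment(const char *url, char *out, size_t outlen)
{
    const char *scheme = strstr(url, "://");
    const char *path = scheme ? strchr(scheme + 3, '/') : url;
    const char *end, *start;
    size_t len;

    if (path == NULL)
        return 0;                         /* no path component at all */
    end = path + strcspn(path, "?#");     /* drop query string and fragment */
    start = end;
    while (start > path && start[-1] != '/')
        start--;
    len = (size_t)(end - start);
    if (len == 0 || len >= outlen)
        return 0;
    memcpy(out, start, len);
    out[len] = '\0';
    return len;
}

/* Keep the server's suggestion only if it passes the check; otherwise use
 * fallback (e.g. the name derived from the URL the user typed).
 * Returns the verdict on the suggestion. */
enum fname_verdict choose_local_name(const char *suggested, const char *fallback,
                                     char *out, size_t outlen)
{
    enum fname_verdict v = check_server_filename(suggested);
    snprintf(out, outlen, "%s", v == FNAME_OK ? suggested : fallback);
    return v;
}

/* Convenience: verdict on the last path segment of a redirect target. */
enum fname_verdict verdict_for_redirect(const char *location)
{
    char seg[256];
    if (url_last_segment(location, seg, sizeof seg) == 0)
        return FNAME_EMPTY;
    return check_server_filename(seg);
}

int main(void)
{
    /* Constructed redirect targets, not real servers. */
    static const char *const samples[] = {
        "http://mirror.example.org/feeds/data.csv",
        "http://attacker.example.net/x/.wgetrc",
        "http://attacker.example.net/x/.bash_profile?v=1",
        "http://attacker.example.net/x/..",
        "http://attacker.example.net/",
    };
    char name[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char seg[256];
        const char *sug = url_last_segment(samples[i], seg, sizeof seg) ? seg : "";
        enum fname_verdict v = choose_local_name(sug, "data.csv", name, sizeof name);
        printf("%-50s -> verdict %d, write to %s\n", samples[i], (int)v, name);
    }
    return 0;
}
```

Only the first sample is written under the server's name; every other one falls back to data.csv, so a second run of the cron job cannot be steered into creating a configuration or login file in the working directory. A real client would apply the same check to the filename parameter of a Content-Disposition header, and would still want a separate decision on whether a redirect may rename the output at all.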


