Softpedia

August 5th, 2010, 11:51 GMT · By

Possible Remote Code Execution Bug Fixed in Wget

Wget gets patch for remote file overwriting bug
A new wget version has been released to address an eight-month-old moderate-risk security issue, which can potentially allow an attacker to overwrite arbitrary files. The bug initially caused some disagreement amongst developers in regards to its impact.

GNU Wget is a popular cross-platform command-line utility, which can be used to download content from servers over the HTTP, HTTPS and FTP protocols. The program is included by default in most Linux distributions.

“GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory,” reads the description of the recently patched vulnerability.
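The destination-filename derivation described above, shown here as an added example that is not part of the original article and is not wget's own source code: a naive derivation that names the local file after whatever URL the redirect chain ended on, beside a hardened one that defaults to the URL the user actually requested and, when server-supplied names are explicitly allowed, still refuses dotfiles, `..` and anything containing a path separator. The function names and the `example.invalid` URLs are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

DEFAULT_NAME = "index.html"


def _last_path_component(url: str) -> str:
    """Return the decoded last path component of a URL ("" if the path ends in '/')."""
    return posixpath.basename(unquote(urlsplit(url).path))


def _is_acceptable(name: str) -> bool:
    """Reject names that would land on a dotfile (.wgetrc, .bashrc, ...),
    refer to the current/parent directory, or smuggle in a path separator."""
    if name in ("", ".", ".."):
        return False
    if name.startswith("."):
        return False
    return not any(ch in name for ch in ("/", "\\", "\0"))


def naive_local_name(final_url: str) -> str:
    """Pre-fix behaviour as described in the advisory: trust the name the
    server steered us to.  A redirect ending in /.wgetrc yields '.wgetrc'."""
    return _last_path_component(final_url) or DEFAULT_NAME


def safe_local_name(original_url: str, final_url: str,
                    trust_server_names: bool = False) -> str:
    """Hardened derivation.

    By default the local name comes from the URL the user asked for, so a
    redirecting server cannot choose it.  Only if the caller opts in is the
    final redirect target consulted, and even then a name that fails the
    dotfile / path-separator check falls back to the original request name.
    """
    source = final_url if trust_server_names else original_url
    name = _last_path_component(source) or DEFAULT_NAME
    if _is_acceptable(name):
        return name
    # Constructed policy (hypothetical): never write the rejected name; fall
    # back to the original request, then to the generic default.
    fallback = _last_path_component(original_url) or DEFAULT_NAME
    return fallback if _is_acceptable(fallback) else DEFAULT_NAME


if __name__ == "__main__":
    # Constructed redirect chain: user asks for a tarball, server answers 3xx
    # pointing at a URL whose last component is a dotfile.
    requested = "http://example.invalid/downloads/tool.tar.gz"
    redirected = "http://example.invalid/.wgetrc"
    print("naive :", naive_local_name(redirected))
    print("safe  :", safe_local_name(requested, redirected))
    print("opt-in:", safe_local_name(requested, redirected, trust_server_names=True))
```

The check also decodes percent-encoding before looking at the name, so an encoded leading dot is treated the same as a literal one; the fallback order (original request name, then a generic default) is a constructed choice for the example, not a description of how wget resolves the conflict.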

The issue also affected the lftp and the libwww-perl packages and was discovered and reported by Hank Leininger and Solar Designer under the Openwall Project. According to the timeline published by oCERT, the organization which handled the patch coordination, the wget developers initially refused to acknowledge the security implications of the bug.

“Wget didn't acknowledge the report, the issues reported have not been considered relevant from a security perspective by the maintainer,” an entry dated January 11, 2010 reads. A subsequent one from February notes that “wget confirmed the application will not be fixed.”

A disagreement over the bug's impact is also apparent from the discussion on the Openwall security mailing list. “Many programs support optional startup/config files of fixed/known/guessable names that a malicious or compromised server could provide. In fact, I've just demonstrated this attack against wget itself, but it could also work against another program,” Solar Designer writes.

You can follow the editor on Twitter @lconstantin
