[Bug-wget] security risk of unexpected download filenames


From: Solar Designer
Subject: [Bug-wget] security risk of unexpected download filenames
Date: Thu, 20 May 2010 08:47:21 +0400
User-agent: Mutt/1.4.2.3i

Giuseppe, Micah, all -

As I hope you're aware, oCERT has published an advisory on a security
issue with lftp, wget, and libwww-perl.  lftp and libwww-perl have fixed
the issue.  wget didn't.

http://www.ocert.org/advisories/ocert-2010-001.html

Here's a demonstration of an attack on what I think is a typical wget
cron job:

http://www.openwall.com/lists/oss-security/2010/05/18/13

The attack provides a .wgetrc, which enables a second invocation of the
cron job to overwrite a file such as .bash_profile.  This is just one
example.  Please do not "fix" this by treating ".wgetrc" specially.

Here's an unofficial patch for the issue:

http://www.openwall.com/lists/oss-security/2010/05/17/2

Now that we have a proof-of-concept real-world attack scenario and we
readily have a patch, would you possibly consider fixing this upstream?

Thanks,

Alexander
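The message above argues that a cron job running wget must not let the server choose the local filename, because a dropped `.wgetrc` changes what the next invocation does and a dropped `.bash_profile` changes what the user's shell does. As an added example, not part of Alexander's message, of the oCERT advisory, or of wget itself, here is a POSIX shell wrapper for that kind of cron job. It never uses a server-supplied name: the local name is derived from the URL the job was configured with, checked against a strict whitelist (no dotfiles, no path separators, no `..`), and then pinned with wget's `-O` option so the download lands only at that path. The URL, the download directory and the whitelist policy are assumptions of this example.

```shell
# Added example, not the original poster's or wget's own code.
# Policy (an assumption of this example): a local filename is acceptable only
# if it is non-empty, does not start with "." (this rejects .wgetrc,
# .bash_profile and ".."), and consists solely of [A-Za-z0-9._-], which
# also rules out "/" and "\".
safe_download_name() {
    name=$1
    case "$name" in
        '')              return 1 ;;   # empty name
        .*)              return 1 ;;   # dotfile or ".." component
        *[!A-Za-z0-9._-]*) return 1 ;; # path separators, spaces, control chars, ...
    esac
    return 0
}

# Derive the local filename from the URL's last path segment, ignoring any
# query string or fragment, and apply the policy above.  This deliberately
# trusts only the URL the cron job was configured with, never anything the
# server says.  Prints the name on success, returns 1 otherwise.
local_name_from_url() {
    url=$1
    name=${url##*/}       # last path segment
    name=${name%%\?*}     # strip ?query
    name=${name%%#*}      # strip #fragment
    [ -n "$name" ] || name=index.html   # what a trailing "/" should map to
    safe_download_name "$name" || return 1
    printf '%s\n' "$name"
}

# Cron-job body: download into a dedicated directory (not the home directory
# or the job's working directory) and force the output path with -O, so no
# filename chosen by the remote side is ever used.
fetch_into() {
    dir=$1
    url=$2
    name=$(local_name_from_url "$url") || {
        echo "refusing to fetch $url: unsafe local filename" >&2
        return 1
    }
    mkdir -p "$dir" || return 1
    wget -q -O "$dir/$name" -- "$url"
}

# Example invocation (placeholder URL and directory):
# fetch_into /var/lib/feeds http://example.invalid/data/feed.xml
```

Because the output path is fixed by the caller, a redirect or response header that steers wget toward a different name has nothing to act on; the whitelist check is a second line of defence in case the configured URL itself is later edited to something odd.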


