Slashdot Mirror


Dangerous Vulnerability Fixed In Wget

jones_supa writes: A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid7, who is the original reporter of the bug.

2 of 58 comments

  1. Wget by Anonymous Coward · Score: 2, Funny

    Is that the tool you use to download IE??

    Erm... wait, that wasn't right....

  2. Switching to windows by Anonymous Coward · Score: 5, Funny

    Too tired of this kind of crap from the open source community