Dangerous Vulnerability Fixed In Wget

Posted by Soulskill on Wednesday October 29, 2014 @03:01AM from the under-the-radar dept.

jones_supa writes: A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid 7, who is the original reporter of the bug.

3 of 58 comments (clear)

Min score:

Reason:

Sort:

super user by goombah99 · 2014-10-29 03:11 · Score: 1, Insightful

so dont run wget as root?

--
Some drink at the fountain of knowledge. Others just gargle.
1. Re: super user by undisclosedrecipient · 2014-10-29 03:49 · Score: 4, Insightful
  
  Root access is the worst case indeed, but it's not a silver bullet if what you really want to protect is accessible by current user. I've seen my share of magical thinking banning root at all costs while in fact confidential data can be grabbed by an exploitable non-root user.
Neat. by ledow · 2014-10-29 03:27 · Score: 4, Insightful

Neat trick.
But if you have arbitrary FTP URL's from untrusted sources piped straight into wget on a server you run, you have bigger problems than someone trashing your filesystem or overwriting your /etc/passwd.