Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dangerous Vulnerability Fixed In Wget

Posted by Soulskill on from the under-the-radar dept.

jones_supa writes: A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid 7, who is the original reporter of the bug.

1 of 58 comments (clear)

  1. Switching to windows by Anonymous Coward · · Score: 5, Funny

    Too tired of this kind of crap from the open source community