touch-packages team mailing list archive

[Bug 1386711] [NEW] CVE-2014-4877 symlink arbitrary filesystem access


*** This bug is a security vulnerability ***

Public security bug reported:

wget prior to 1.16 allows for a web server to write arbitrary files on
the client side. A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

The disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Red Hat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181

Vulnerable on:

Description:	Ubuntu 13.10
Release:	13.10

Package version:

wget:
  Installed: 1.14-2ubuntu1
  Candidate: 1.14-2ubuntu1
  Version table:
 *** 1.14-2ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
        100 /var/lib/dpkg/status
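An added audit helper (not part of the bug report or of wget itself) that checks the two facts that matter for this CVE on a Debian/Ubuntu host: whether the installed wget predates 1.16, the release that switched the default of --retr-symlinks to on, and, if so, whether /etc/wgetrc already carries the retr-symlinks=on workaround. The version parsing and the dpkg-query/wget fallbacks are my assumptions about the host, not anything stated on the page.

```shell
#!/bin/sh
# Audit a host for CVE-2014-4877 (wget < 1.16 follows server-supplied
# symlinks during recursive FTP retrieval). Added example, not from the report.

# Return 0 (true) if a Debian-style version string is older than 1.16.
# Only upstream major.minor is compared; the Debian revision after "-"
# (e.g. "1.14-2ubuntu1") does not change the CVE status.
wget_is_vulnerable() {
    upstream=${1%%-*}                      # strip Debian revision
    major=${upstream%%.*}
    rest=${upstream#*.}
    minor=${rest%%.*}
    [ "$rest" = "$upstream" ] && minor=0   # no "." at all, e.g. "1"
    if [ "$major" -lt 1 ]; then return 0; fi
    if [ "$major" -gt 1 ]; then return 1; fi
    [ "$minor" -lt 16 ]
}

# Return 0 if the given wgetrc enables retr-symlinks, the documented
# workaround for hosts that cannot upgrade. wget accepts "retr-symlinks",
# "retr_symlinks" and "retrsymlinks"; commented-out lines do not count.
wgetrc_has_workaround() {
    [ -f "$1" ] || return 1
    grep -Eiq '^[[:space:]]*retr[-_]?symlinks[[:space:]]*=[[:space:]]*on' "$1"
}

# Print a one-line verdict for the installed package. Assumes dpkg-query
# exists; falls back to parsing "wget --version" (assumed format "GNU Wget X.Y").
audit_wget() {
    ver=$(dpkg-query -W -f='${Version}' wget 2>/dev/null) ||
        ver=$(wget --version 2>/dev/null | sed -n '1s/.*Wget \([0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo "wget not installed"; return 0; }
    if wget_is_vulnerable "$ver"; then
        if wgetrc_has_workaround /etc/wgetrc; then
            echo "wget $ver predates 1.16 but retr-symlinks=on is set in /etc/wgetrc"
        else
            echo "VULNERABLE: wget $ver predates 1.16; upgrade or set retr-symlinks=on"
        fi
    else
        echo "wget $ver is 1.16 or later"
    fi
}
```

Run `audit_wget` after sourcing the script; the version reported on this bug (1.14-2ubuntu1) is flagged as vulnerable.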

** Affects: wget (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4877

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wget in Ubuntu.
https://bugs.launchpad.net/bugs/1386711

Title:
  CVE-2014-4877 symlink arbitrary filesystem access

Status in “wget” package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1386711/+subscriptions
