touch-packages team mailing list archive

Thread
Date

[Bug 1386711] Re: CVE-2014-4877 symlink arbitrary filesystem access

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1386711@xxxxxxxxxxxxxxxxxx>
Date: Wed, 29 Oct 2014 21:55:10 -0000
Reply-to: Bug 1386711 <1386711@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: wget (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wget in Ubuntu.
https://bugs.launchpad.net/bugs/1386711

Title:
  CVE-2014-4877 symlink arbitrary filesystem access

Status in “wget” package in Ubuntu:
  Confirmed

Bug description:
  wget prior to 1.16 allows for a web server to write arbitrary files on
  the client side. A Metasploit module is available for testing:

  https://github.com/rapid7/metasploit-framework/pull/4088

  the disclosure is here:

  https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15
  -gnu-wget-ftp-symlink-arbitrary-filesystem-access

  Redhat's bug is here:

  https://bugzilla.redhat.com/show_bug.cgi?id=1139181

  Vulnerable on:

  Description:	Ubuntu 13.10
  Release:	13.10

  Package version:

  wget:
    Installed: 1.14-2ubuntu1
    Candidate: 1.14-2ubuntu1
    Version table:
   *** 1.14-2ubuntu1 0
          500 http://us.archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1386711/+subscriptions

References

[Bug 1386711] [NEW] CVE-2014-4877 symlink arbitrary filesystem access
From: Tod Beardsley, 2014-10-28