GNU Wget < 1.18 Arbitrary File Upload URL: http://ift.tt/29ObLnL CVE-2016-4971 GNU Wget before 1.18 when supplied with a malicious URL (to a malicious or compromised web server) can be tricked into saving an arbitrary remote file supplied by an attacker, with arbitrary contents and filename under the current directory and possibly other directories by writing to .wgetrc. Depending on the context in which wget is used, this can lead to remote code execution and even root privilege escalation if wget is run via a root cronjob as is often the case in many web application deployments. The vulnerability could also be exploited by well-positioned attackers within the network who are able to intercept/modify the network traffic. As most of the main linux distributions have updated their wget packages, the exploit has been made public. You can see my full advisory at: http://ift.tt/29ObLnL
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment