Latest YouTube Video

Friday, November 25, 2016

[FD] [CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition

Vulnerability: GNU Wget < 1.18 Access List Bypass / Race Condition CVE-2016-7098 Discovered by: Dawid Golunski (@dawid_golunski) http://ift.tt/2fcYckq Severity: Medium GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter. This might allow attackers to place malicious/restricted files onto the system. Depending on the application / download directory, this could potentially lead to other vulnerabilities such as code execution etc. The full advisory and a PoC exploit can be found at: http://ift.tt/2fHADQn For updates, follow: https://twitter.com/dawid_golunski

Source: Gmail -> IFTTT-> Blogger

No comments: