CVE-2014-4877 – wget: FTP symlink arbitrary filesystem access

https://notcve.org/view.php?id=CVE-2014-4877

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. Vulnerabilidad de salto de ruta absoluta en GNU Wget anterior a 1.16, cuando la recursión esta habilitada, permite a servidores FTP remotos escribir a ficheros arbitrarios, y como consecuencia ejecutar código arbitrario, a través de una respuesta LIST que hace referencia al mismo nombre de fichero dentro de dos entradas, una de las cuales indica que el nombre de fichero es para un enlace simbólico. A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable to by the user running Wget, possibly leading to code execution. • http://advisories.mageia.org/MGASA-2014-0431.html http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0 http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html http://lists.opensuse.org/opensuse-updates/2014-11/msg0002 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •