Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Ubuntu 2393-1 Moderate: Wget Path Traversal Risk Advisory

ubuntu
Calendar Grey October 30, 2014
Scroller Ubuntu Esm H88
A flaw in Wget on Ubuntu poses risks for file overwriting. Mitigate this by applying updates to safeguard security in impacted versions.
Wget could be made to overwrite files.

Summary

Wget could be made to overwrite files.

Software Description:

- wget: retrieves files from the web

Details:

HD Moore discovered that Wget contained a path traversal vulnerability

when downloading symlinks using FTP. A malicious remote FTP server or a man

in the middle could use this issue to cause Wget to overwrite arbitrary

files, possibly leading to arbitrary code execution.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  wget                            1.15-1ubuntu1.14.10.1

Ubuntu 14.04 LTS:
  wget                            1.15-1ubuntu1.14.04.1

Ubuntu 12.04 LTS:
  wget                            1.13.4-2ubuntu1.2

Ubuntu 10.04 LTS:
  wget                            1.12-1.1ubuntu2.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2393-1

CVE-2014-4877

Severity
important
Lowest
Low
Medium
High
Critical

October 30, 2014

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.