oss-sec mailing list archives
Re: CVE request for wget
From: Andreas Stieger <astieger () suse com>
Date: Wed, 9 Sep 2015 09:52:44 +0200
Hello, On 09/07/2015 10:39 PM, Austin English wrote:
This was reported to tails-dev [1] and other places [2] and is fixed upstream [3]. I've rebased the patch for 1.13.4 (attached), which is the current version in Debian wheezy [4] that Tails is based on. Please keep me in CC, as I'm not subscribed. [1] https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html [2] https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html [3] http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099 [4] https://packages.debian.org/wheezy/wget
To reproduce: A $> nc -lv 8020 B $> wget ftp://A:8020 On A keep entering "200 ok", the following will be printed:
$ wget ftp://dexter:8020 > --2015-09-08 17:11:30-- ftp://dexter:8020/ > =>
‘.listing’ > Resolving dexter (dexter)... 10.160.4.160 > Connecting to dexter (dexter)|10.160.4.160|:8020... connected. > Logging in as anonymous ... Logged in! > ==> SYST ... done. ==> PWD ... done. > ==> TYPE I ... done. ==> CWD not needed. > ==> PASV ... > Cannot parse PASV response. > ==> PORT ... On the server side:
$ nc -lv 8020 > Connection from 10.160.4.160 port 8020 [tcp/intu-ec-svcdisc] accepted 200 ok > USER anonymous > 200 ok > SYST > 200 ok > PWD > 200 ok > TYPE
I > 200 ok > PASV > 200 ok > PORT 10,160,4,160,134,42 ^^^^^^^^^^^^ This would affect IP users connecting through a privacy proxy or VPN, leaking their public IP address if they are otherwise connected without NAT. For users connecting without such a proxy but through NAT, it leaks the internal IP address. https://bugzilla.suse.com/show_bug.cgi?id=944858 Andreas -- Andreas Stieger <astieger () suse com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request for wget Austin English (Sep 07)
- Re: CVE request for wget Victor Pereira (Sep 09)
- Re: CVE request for wget Andreas Stieger (Sep 09)
- Re: CVE request for wget Austin English (Sep 24)
- Re: CVE request for wget cve-assign (Sep 25)
- Re: CVE request for wget Austin English (Sep 28)
- Re: Re: CVE request for wget Andreas Stieger (Sep 29)