oss-sec mailing list archives
Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability
From: Jordan Bettis <jordanb () hafd org>
Date: Thu, 25 Aug 2016 13:59:28 -0500
On 08/11/2016 10:34 PM, Kurt Seifried wrote:
Please note that the attacker would also have to have access to the local file system, either shell access or by some additional exploit, additionally they would have to have read access to the file wget is downloading (so same security context, or really poor permissions).
...
Please note again that to exploit this you would need a situation where the attacker can control what wget is fetching, or execute a man in the middle attack, AND has local access to the system downloading the file AND has permissions to read the file AND some sort of additional vulnerability that requires being able to read a file in order to escalate privileges.
Suppose I convince web admin to wget jpeg files from my server into his web root. The jpeg directory also contains the file evil.php. During the download, evil.php now exists in his web root and I can cause it to be executed by visiting the correct path via http.
Current thread:
- CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh (Aug 11)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Kurt Seifried (Aug 11)
- Re: [Bug-wget] [oss-security] CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Tim Rühsen (Aug 12)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Jordan Bettis (Aug 25)
- Re: [Bug-wget] CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Tim Rühsen (Aug 14)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability cve-assign (Aug 27)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh (Aug 28)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability cve-assign (Aug 28)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Misra, Deapesh (Aug 28)
- Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability Kurt Seifried (Aug 11)