• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU WGet Multiple Remote Vulnerabilities

Multiple remote vulnerabilities reportedly affect GNU wget. These issues are due to the application's failure to properly sanitize user-supplied input and to properly validate the presence of files before writing to them. The issues include:

- a potential directory-traversal issue
- an arbitrary file-overwriting vulnerability
- a weakness caused by the application's failure to filter potentially malicious characters from server-supplied input.

Via a malicious server, an attacker may exploit these issues to arbitrarily overwrite files within the current directory and potentially outside of it. This may let the attacker corrupt files, cause a denial of service, and possibly launch further attacks against the affected computer. Overwriting of files would take place with the privileges of the user that activates the vulnerable application.