• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

WGet NLST Client Side File Overwriting Vulnerability

wget is a freely available, open source FTP utility. It is included with many Unix and Linux operating systems.

wget does not properly handle some types of server responses. When a NLST response is received from an FTP server, RFC specifications require that clients check the input to see if it contains directory information. wget does not properly check this information, which may allow a remote FTP server to overwrite files on the client system.