Description:
According to research done by Steve Christey [0], directory traversal
vulnerabilities exist in many FTP clients including wget [1].
Resolution of this issue was handled primarily through Mark Cox of
Red Hat whose patches were incorporated into the wget 1.8.2 HEAD
development branch of the vendor. The Common Vulnerabilities and
Exposures (CVE) project assigned the id CAN-2002-1344 [2] to the
problem.
Please check whether you are affected by running "<prefix>/bin/rpm -q
wget". If you have the "wget" package installed and its version is
affected (see above), we recommend that you immediately upgrade it
(see Solution). [3][4]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
[5], fetch it from the OpenPKG FTP service [6] or a mirror location,
verify its integrity [7], build a corresponding binary RPM from it [3]
and update your OpenPKG installation by applying the binary RPM [4].
For the release OpenPKG 1.1, perform the following operations to
permanently fix the security problem (for other releases adjust
accordingly).
$ rpm --rebuild ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.1/UPD
ftp> get wget-1.8.2-1.1.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig wget-1.8.2-1.1.1.src.rpm
$ <prefix>/bin/rpm --rebuild wget-1.8.2-1.1.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/wget-1.8.2-1.1.1.*.rpm
________________________________________________________________________
For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (http://www.gnupg.org/). For instance, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed] openpkg (at) openpkg (dot) org [email concealed]
OpenPKG-SA-2003.007 23-Jan-2003
________________________________________________________________________
Package: wget
Vulnerability: directory traversal vulnerability
OpenPKG Specific: no
Affected Releases: Affected Packages: Corrected Packages:
OpenPKG CURRENT <= wget-1.8.2-20021206 >= wget-1.8.2-20021216
OpenPKG 1.2 <= none N.A.
OpenPKG 1.1 <= wget-1.8.2-1.1.0 >= wget-1.8.2-1.1.1
Affected Releases: Dependent Packages: none
Description:
According to research done by Steve Christey [0], directory traversal
vulnerabilities exist in many FTP clients including wget [1].
Resolution of this issue was handled primarily through Mark Cox of
Red Hat whose patches were incorporated into the wget 1.8.2 HEAD
development branch of the vendor. The Common Vulnerabilities and
Exposures (CVE) project assigned the id CAN-2002-1344 [2] to the
problem.
Please check whether you are affected by running "<prefix>/bin/rpm -q
wget". If you have the "wget" package installed and its version is
affected (see above), we recommend that you immediately upgrade it
(see Solution). [3][4]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
[5], fetch it from the OpenPKG FTP service [6] or a mirror location,
verify its integrity [7], build a corresponding binary RPM from it [3]
and update your OpenPKG installation by applying the binary RPM [4].
For the release OpenPKG 1.1, perform the following operations to
permanently fix the security problem (for other releases adjust
accordingly).
$ rpm --rebuild ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.1/UPD
ftp> get wget-1.8.2-1.1.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig wget-1.8.2-1.1.1.src.rpm
$ <prefix>/bin/rpm --rebuild wget-1.8.2-1.1.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/wget-1.8.2-1.1.1.*.rpm
________________________________________________________________________
References:
[0] http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2
[1] http://sunsite.dk/wget/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344
[3] http://www.openpkg.org/tutorial.html#regular-source
[4] http://www.openpkg.org/tutorial.html#regular-binary
[5] ftp://ftp.openpkg.org/release/1.1/UPD/wget-1.8.2-1.1.1.src.rpm
[6] ftp://ftp.openpkg.org/release/1.1/UPD/
[7] http://www.openpkg.org/security.html#signature
________________________________________________________________________
For security reasons, this advisory was digitally signed with
the OpenPGP public key "OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>" (ID 63C4CB9F)
of the OpenPKG project which you can find under the official URL
http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To
check the integrity of this advisory, verify its digital signature by
using GnuPG (http://www.gnupg.org/). For instance, pipe this message to
the command "gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg (at) openpkg (dot) org [email concealed]>
iD8DBQE+L/1tgHWT4GPEy58RAkSaAKCFkDghupTl/uAchoMWTLOfbhx6/QCcD08v
9+6wRt4YmmvQUQBcpstM2vM=
=/Zek
-----END PGP SIGNATURE-----
[ reply ]