Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories» Mandriva » Wget vulnerability

Wget vulnerability

Hugo Vazquez Carames discovered a race condition when writing output files in wget. After wget determined the output file name, but before the file was actually opened, a local attacker with write permissions to the download directory could create a symbolic link with the name of the output file. This could be exploited to overwrite arbitrary files with the permissions of the user invoking wget. The time window of opportunity for the attacker is determined solely by the delay of the first received data packet.

  • Vendor: Mandriva
  • Vendor ID: MDKSA-2005:204
  • Date: November 01, 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:204
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wget
Date : November 1, 2005
Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Hugo Vazquez Carames discovered a race condition when writing output
files in wget. After wget determined the output file name, but before
the file was actually opened, a local attacker with write permissions
to the download directory could create a symbolic link with the name
of the output file. This could be exploited to overwrite arbitrary
files with the permissions of the user invoking wget. The time window
of opportunity for the attacker is determined solely by the delay of
the first received data packet.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2014
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
28b67f788c7ed5f28ca7e752b15a9eb8 10.1/RPMS/wget-1.9.1-4.3.101mdk.i586.rpm
b0b856e5eeb63f608476877942f6a216 10.1/SRPMS/wget-1.9.1-4.3.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
d2fc09595e4bf4267c7cc7d9d5def8ee x86_64/10.1/RPMS/wget-1.9.1-4.3.101mdk.x86_64.rpm
b0b856e5eeb63f608476877942f6a216 x86_64/10.1/SRPMS/wget-1.9.1-4.3.101mdk.src.rpm

Corporate 3.0:
91f8d363d41afb43943f3f5569e2e83c corporate/3.0/RPMS/wget-1.9.1-4.3.C30mdk.i586.rpm
8ce78a19c89331fdb7527e6a4674376c corporate/3.0/SRPMS/wget-1.9.1-4.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
e3796c54a067d9ef54d08f779fe3ec9d x86_64/corporate/3.0/RPMS/wget-1.9.1-4.3.C30mdk.x86_64.rpm
8ce78a19c89331fdb7527e6a4674376c x86_64/corporate/3.0/SRPMS/wget-1.9.1-4.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
f834aa6b814014c20b6d97fd7a893ea6 mnf/2.0/RPMS/wget-1.9.1-4.3.M20mdk.i586.rpm
00f1b8920df39e3f4fc35eea07879168 mnf/2.0/SRPMS/wget-1.9.1-4.3.M20mdk.src.rpm

Mandriva Linux 10.2:
36dfb01a50fcdec20d379001f2054ba4 10.2/RPMS/wget-1.9.1-5.2.102mdk.i586.rpm
82584cb410bcb5104f44d3429675e7e5 10.2/SRPMS/wget-1.9.1-5.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
36dfb01a50fcdec20d379001f2054ba4 x86_64/10.2/RPMS/wget-1.9.1-5.2.102mdk.i586.rpm
82584cb410bcb5104f44d3429675e7e5 x86_64/10.2/SRPMS/wget-1.9.1-5.2.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDZ/jemqjQ0CJFipgRAjGJAKDtkgHO1ZWuWus4X5CPffEGbA0FxgCcDaXT
yJo8rb9mFDl/0yBiIKUdigo=
=y4/v
-----END PGP SIGNATURE-----

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »