Linux Today: Linux News On Internet Time.

More on LinuxToday

Wget Flaw Patched

Oct 28, 2014, 23:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)

"It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov wrote in a Red Hat Bugzilla comment.

The flaw was actually first reported to the GNU Wget project by HD Moore, chief research officer at Rapid 7. The vulnerability has now also been publicly identified as CVE-2014-4877.

Complete Story

Related Stories: