
Advisories MDVSA-2010:170: wget


paul

A vulnerability has been found and corrected in wget:

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory (CVE-2010-2252).

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

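The filename-selection flaw the advisory describes, shown beside a hardened alternative, as an added example that is not part of the original post and is not wget's own code. The host names, the redirect chain and all function names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed redirect chain: the URL the user requested, then a server-sent 3xx target.
CHAIN = [
    "http://downloads.example/pkg/tool-1.0.tar.gz",
    "http://mirror.example/files/.wgetrc",
]

def url_basename(url):
    """Percent-decoded last path component of a URL (empty for a directory URL)."""
    return unquote(posixpath.basename(urlsplit(url).path))

def server_chosen_name(chain):
    """Flawed behaviour: the local name comes from the final, server-supplied URL."""
    return url_basename(chain[-1])

def requested_name(chain, default="index.html"):
    """Hardened behaviour: the local name comes only from the URL the user asked for."""
    name = url_basename(chain[0]) or default
    # Refuse dotfiles and anything that could leave the download directory.
    if name.startswith(".") or any(c in name for c in "/\\\x00"):
        raise ValueError(f"refusing unsafe destination name: {name!r}")
    return name

def redirect_changes_name(chain):
    """Detection helper: True when following redirects would alter the local name."""
    return server_chosen_name(chain) != url_basename(chain[0])

if __name__ == "__main__":
    print("server-chosen:", server_chosen_name(CHAIN))
    print("requested:    ", requested_name(CHAIN))
    print("name changed: ", redirect_changes_name(CHAIN))
```

A download wrapper can log `redirect_changes_name` hits to spot servers that try to steer the local filename.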
