Fwd: wget: Arbitrary file overwriting/appending/creating and
other vulnerabilities]
Jon South
striker at lunar-linux.org
Fri Dec 10 18:37:23 UTC 2004
Jaime Buffery wrote:
> ----- Forwarded message from Archaic <archaic at linuxfromscratch.org> -----
> ----- Forwarded message from Jan Minar <jjminar at FastMail.FM> -----
>
> To: bugtraq at securityfocus.com
> From: Jan Minar <jjminar at FastMail.FM>
> Date: Thu, 9 Dec 2004 09:14:38 +0000
> User-Agent: Mutt/1.3.28i
> Subject: wget: Arbitrary file overwriting/appending/creating and other vulnerabilities
>
> ------------------------------------------------------------------------
> Summary
> ------------------------------------------------------------------------
> Product: wget
> Versions: 1.8.x
> Versions: 1.9.x (to lesser extent)
> Versions: Versions < 1.8 are probably vulnerable too
--SNIP--
I dont see that this is much of a big deal since 1) lget doesnt use -r
or -x 2) lget uses /tmp (or /var/tmp)
However, I do think it to be a good idea to force lget to use the -O
switch asap.
Just my $0.02
-Striker
--
The system requirements said "Windows 95 or better"
So I installed Linux.
Microsoft sells you Windows; Linux gives you the house.
v1sw6CUhw5ln4pr5ck4ma6/7u8Lw3Tm5l6+8GOa21s6Mr2e5+7t5/6TNDVESLFRXMb3Hp0en6/7g9ASTHCNMP
www.hackerkey.com
Registered Linux User: 332618
<http://striker.interhact.net/striker.asc>
More information about the Lunar-dev
mailing list