diff options
| author | simon <simon@FreeBSD.org> | 2004-12-15 01:55:51 +0800 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2004-12-15 01:55:51 +0800 |
| commit | 0045eab7191602ddeef2c33b014b31a6986250f3 (patch) | |
| tree | 4c97139780b32c9b01fc7a97bcd4cbc247e7439b /security | |
| parent | 0119d3d0c8af7e1389e1aa2966ca76861306b1a1 (diff) | |
| download | freebsd-ports-gnome-0045eab7191602ddeef2c33b014b31a6986250f3.tar.gz freebsd-ports-gnome-0045eab7191602ddeef2c33b014b31a6986250f3.tar.zst freebsd-ports-gnome-0045eab7191602ddeef2c33b014b31a6986250f3.zip | |
Document multiple vulnerabilities in wget.
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 563b61a3b154..67f357234380 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,50 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="06f142ff-4df3-11d9-a9e7-0001020eed82"> + <topic>wget -- multiple vulnerabilities</topic> + <affects> + <package> + <name>wget</name> + <name>wget+ipv6</name> + <name>wget-devel</name> + <name>wgetpro</name> + <range><ge>0</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jan Minar reports that there exists multiple + vulnerabilities in wget:</p> + <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=110269474112384"> + <p>Wget erroneously thinks that the current directory is a + fair game, and will happily write in any file in and below + it. Malicious HTTP response or malicious HTML file can + redirect wget to a file that is vital to the system, and + wget will create/append/overwrite it.</p> + <p>Wget apparently has at least two methods of + ``sanitizing'' the potentially malicious data it receives + from the HTTP stream, therefore a malicious redirects can + pass the check. We haven't find a way to trick wget into + writing above the parent directory, which doesn't mean + it's not possible.</p> + <p>Malicious HTTP response can overwrite parts of the + terminal so that the user will not notice anything wrong, + or will believe the error was not fatal.</p> + </blockquote> + </body> + </description> + <references> + <bid>11871</bid> + <mlist msgid="20041209091438.GA15010@kontryhel.haltyr.dyndns.org">http://marc.theaimsgroup.com/?l=bugtraq&m=110269474112384</mlist> + <url>http://bugs.debian.org/261755</url> + </references> + <dates> + <discovery>2004-12-09</discovery> + <entry>2004-12-14</entry> + </dates> + </vuln> + <vuln vid="4593cb09-4c81-11d9-983e-000c6e8f12ef"> <topic>konqueror -- Password Disclosure for SMB Shares</topic> <affects> |