Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability
From: Solar Designer <solar () openwall com>
Date: Fri, 11 Jun 2010 12:53:25 +0400


Here's a summary of relevant postings to oss-security and bug-wget.

Unofficial patch for wget, by Florian Weimer:

PoC attack on a wget cron job resulting in a .bash_profile overwrite:

Brief description of an attack on a wget cron job not involving a
dot-file nor a home directory (but involving a website tree instead):

Advice on back-porting lftp's fix to versions 3.4.7 through 4.0.5:

On Wed, Jun 09, 2010 at 06:16:39PM +0200, Marcus Meissner wrote:
Did anyone assign CVE ids for these?

Marcus' reminder has resulted in the following CVE assignments:

CVE-2010-2251 - lftp
CVE-2010-2252 - wget
CVE-2010-2253 - libwww-perl as used in lwp-download


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]