CVE-2014-4877 Information
Description
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files and consequently execute arbitrary code via a LIST response that references the same filename in two entries, one of which indicates that the filename is a symlink.
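The pattern the description names (one name listed both as a symlink and as a regular file, or a symlink whose target is an absolute path) can be checked for in a captured Unix-style LIST response before anything is written locally. The following is an added detection example written for this page, not code from Wget or from any of the referenced advisories; the LIST line format and the sample listing are assumed and constructed here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Unix-style LIST line: mode, link count, owner, group, size, month, day,
# year-or-time, name, and for symlinks an optional " -> target" suffix.
_LIST_RE = re.compile(
    r"^(?P<mode>[-dlcbps][rwxsStT-]{9})\s+\d+\s+\S+\s+\S+\s+\d+\s+"
    r"\S+\s+\d+\s+\S+\s+(?P<name>.+?)(?:\s->\s(?P<target>.+))?$"
)


@dataclass(frozen=True)
class Entry:
    name: str
    is_symlink: bool
    target: Optional[str]


def parse_list(listing: str) -> List[Entry]:
    """Parse a LIST response into entries; lines that do not match are skipped."""
    entries = []
    for line in listing.splitlines():
        m = _LIST_RE.match(line.rstrip("\r"))
        if not m:
            continue
        is_link = m.group("mode").startswith("l")
        entries.append(Entry(m.group("name"), is_link, m.group("target")))
    return entries


def suspicious_entries(listing: str) -> List[Tuple[str, str]]:
    """Return (name, target) for each symlink entry that either shares its name
    with a non-symlink entry in the same listing or points at an absolute path."""
    entries = parse_list(listing)
    links = {e.name: e.target for e in entries if e.is_symlink}
    non_links = {e.name for e in entries if not e.is_symlink}
    flagged = []
    for name, target in links.items():
        if name in non_links or (target or "").startswith("/"):
            flagged.append((name, target or ""))
    return flagged


# Constructed sample listing: "notes.txt" appears first as a symlink with an
# absolute target and then again as a regular file, the shape described above.
SAMPLE_LISTING = """\
drwxr-xr-x   2 ftp      ftp          4096 Oct 27  2014 docs
lrwxrwxrwx   1 ftp      ftp            12 Oct 27  2014 notes.txt -> /tmp/outside
-rw-r--r--   1 ftp      ftp            28 Oct 27  2014 notes.txt
-rw-r--r--   1 ftp      ftp           120 Oct 27  2014 README
"""
```

A recursive mirror can refuse or skip any flagged entry instead of creating the local symlink and then writing through it.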
Reference
http://advisories.mageia.org/MGASA-2014-0431.html
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0
http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
http://rhn.redhat.com/errata/RHSA-2014-1764.html
http://rhn.redhat.com/errata/RHSA-2014-1955.html
http://security.gentoo.org/glsa/glsa-201411-05.xml
http://www.debian.org/security/2014/dsa-3062
http://www.kb.cert.org/vuls/id/685996
http://www.mandriva.com/security/advisories?name=MDVSA-2015:121
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/70751
http://www.ubuntu.com/usn/USN-2393-1
https://bugzilla.redhat.com/show_bug.cgi?id=1139181
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
https://github.com/rapid7/metasploit-framework/pull/4088
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://kc.mcafee.com/corporate/index?page=content&id=SB10106