Paketname
wget
Datum
2002-12-11
Advisory ID
MDKSA-2002:086
Betroffene Versionen
8.1 i586 , SNF7.2 i586 , 8.1 i586 , 8.0 i586 , 9.0 i586 , 8.2 i586 , 8.0 i586 , 8.2 i586 , 7.2 i586

Problembeschreibung

A vulnerability in all versions of wget prior to and including 1.8.2 was discovered by Steven M. Christey. The bug permits a malicious FTP server to create or overwriet files anywhere on the local file system by sending filenames beginning with "/" or containing "/../". This can be used to make vulnerable FTP clients write files that can later be used for attack against the client machine.

Aktualisierte Pakete

8.1 i586

 de7f59b11fa67fe6dd87a282b7ae47f4  ia64/8.1/RPMS/wget-1.8.2-3.1mdk.ia64.rpm
d84e6c60c2b8a1df2fdfd37022325df0  ia64/8.1/SRPMS/wget-1.8.2-3.1mdk.src.rpm

SNF7.2 i586

 56f86210d618f4659468b03cca5f5367  snf7.2/RPMS/wget-1.8.2-3.1mdk.i586.rpm
d84e6c60c2b8a1df2fdfd37022325df0  snf7.2/SRPMS/wget-1.8.2-3.1mdk.src.rpm

8.1 i586

 86909f6a3f8c1cb14177047efdbf508d  8.1/RPMS/wget-1.8.2-3.1mdk.i586.rpm
d84e6c60c2b8a1df2fdfd37022325df0  8.1/SRPMS/wget-1.8.2-3.1mdk.src.rpm

8.0 i586

 b998782770af6b72e98d77840fe1d11a  8.0/RPMS/wget-1.8.2-3.1mdk.i586.rpm
d84e6c60c2b8a1df2fdfd37022325df0  8.0/SRPMS/wget-1.8.2-3.1mdk.src.rpm

9.0 i586

 f7658d3f4e94bf736bf02d053a597e0a  9.0/RPMS/wget-1.8.2-3.1mdk.i586.rpm
d84e6c60c2b8a1df2fdfd37022325df0  9.0/SRPMS/wget-1.8.2-3.1mdk.src.rpm

8.2 i586

 6d851936f51c179f2412b5cb3323eb01  8.2/RPMS/wget-1.8.2-3.1mdk.i586.rpm
d84e6c60c2b8a1df2fdfd37022325df0  8.2/SRPMS/wget-1.8.2-3.1mdk.src.rpm

8.0 i586

 83bcfaa286ca31287910d0de7ad885db  ppc/8.0/RPMS/wget-1.8.2-3.1mdk.ppc.rpm
d84e6c60c2b8a1df2fdfd37022325df0  ppc/8.0/SRPMS/wget-1.8.2-3.1mdk.src.rpm

8.2 i586

 d9b9435e30763b13a852a7ed191fc7cf  ppc/8.2/RPMS/wget-1.8.2-3.1mdk.ppc.rpm
d84e6c60c2b8a1df2fdfd37022325df0  ppc/8.2/SRPMS/wget-1.8.2-3.1mdk.src.rpm

7.2 i586

 56f86210d618f4659468b03cca5f5367  7.2/RPMS/wget-1.8.2-3.1mdk.i586.rpm
d84e6c60c2b8a1df2fdfd37022325df0  7.2/SRPMS/wget-1.8.2-3.1mdk.src.rpm

Referenzen