A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable to by the user running Wget, possibly leading to code execution.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | wget | 2014-11-05 12:19 | ALAS-2014-442 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
NVD | CVSSv2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |