Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Aug 2016 13:59:28 -0500
From: Jordan Bettis <jordanb@...d.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability

On 08/11/2016 10:34 PM, Kurt Seifried wrote:
> 
> Please note that the attacker would also have to have access to the local
> file system, either shell access or by some additional exploit,
> additionally they would have to have read access to the file wget is
> downloading (so same security context, or really poor permissions).
> 
...
> Please note again that to exploit this you would need a situation where the
> attacker can control what wget is fetching, or execute a man in the middle
> attack, AND has local access to the system downloading the file AND has
> permissions to read the file AND some sort of additional vulnerability that
> requires being able to read a file in order to escalate privileges.
> 

Suppose I convince web admin to wget jpeg files from my server into his
web root. The jpeg directory also contains the file evil.php. During the
download, evil.php now exists in his web root and I can cause it to be
executed by visiting the correct path via http.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ