Date: Thu, 25 Aug 2016 13:59:28 -0500 From: Jordan Bettis <jordanb@...d.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability On 08/11/2016 10:34 PM, Kurt Seifried wrote: > > Please note that the attacker would also have to have access to the local > file system, either shell access or by some additional exploit, > additionally they would have to have read access to the file wget is > downloading (so same security context, or really poor permissions). > ... > Please note again that to exploit this you would need a situation where the > attacker can control what wget is fetching, or execute a man in the middle > attack, AND has local access to the system downloading the file AND has > permissions to read the file AND some sort of additional vulnerability that > requires being able to read a file in order to escalate privileges. > Suppose I convince web admin to wget jpeg files from my server into his web root. The jpeg directory also contains the file evil.php. During the download, evil.php now exists in his web root and I can cause it to be executed by visiting the correct path via http.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ