Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Aug 2016 13:59:28 -0500
From: Jordan Bettis <jordanb@...d.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability

On 08/11/2016 10:34 PM, Kurt Seifried wrote:
> 
> Please note that the attacker would also have to have access to the local
> file system, either shell access or by some additional exploit,
> additionally they would have to have read access to the file wget is
> downloading (so same security context, or really poor permissions).
> 
...
> Please note again that to exploit this you would need a situation where the
> attacker can control what wget is fetching, or execute a man in the middle
> attack, AND has local access to the system downloading the file AND has
> permissions to read the file AND some sort of additional vulnerability that
> requires being able to read a file in order to escalate privileges.
> 

Suppose I convince web admin to wget jpeg files from my server into his
web root. The jpeg directory also contains the file evil.php. During the
download, evil.php now exists in his web root and I can cause it to be
executed by visiting the correct path via http.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.