#VU32275 Security Features in wget - CVE-2016-4971
Vulnerability identifier: #VU32275
Vulnerability risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID:
CWE-ID:
CWE-254
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
wget
Server applications /
File servers (FTP/HTTP)
Vendor: GNU
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
Mitigation
Install update from vendor's website.
Vulnerable software versions
wget: 1.5.3 - 1.17.1
External links
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1
https://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
https://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html
https://rhn.redhat.com/errata/RHSA-2016-2587.html
https://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://www.securityfocus.com/bid/91530
https://www.securitytracker.com/id/1036133
https://www.ubuntu.com/usn/USN-3012-1
https://bugzilla.redhat.com/show_bug.cgi?id=1343666
https://security.gentoo.org/glsa/201610-11
https://security.paloaltonetworks.com/CVE-2016-4971
https://www.exploit-db.com/exploits/40064/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
