CVE-2014-4877: Path Traversal
First published: Mon Sep 08 2014(Updated: )
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/wget | <1.16 | 1.16 |
| Wget | <=1.15 | |
| Wget | =1.12 | |
| Wget | =1.13 | |
| Wget | =1.13.1 | |
| Wget | =1.13.2 | |
| Wget | =1.13.3 | |
| Wget | =1.13.4 | |
| Wget | =1.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0431.html
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0
- http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
- http://rhn.redhat.com/errata/RHSA-2014-1764.html
- http://rhn.redhat.com/errata/RHSA-2014-1955.html
- http://security.gentoo.org/glsa/glsa-201411-05.xml
- http://www.debian.org/security/2014/dsa-3062
- http://www.kb.cert.org/vuls/id/685996
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:121
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.securityfocus.com/bid/70751
- http://www.ubuntu.com/usn/USN-2393-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1139181
- https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
- https://github.com/rapid7/metasploit-framework/pull/4088
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://kc.mcafee.com/corporate/index?page=content&id=SB10106
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=935576&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=935576&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=936905&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=936905&action=edit
- https://access.redhat.com/support/policy/updates/errata/
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=69c45cba4382fcaabe3d86876bd5463dc34f442c
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1139181#c14
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1157633
- http://www.rapid7.com/db/modules/auxiliary/server/wget_symlink_file_write
- https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/server/wget_symlink_file_write.rb
- https://rhn.redhat.com/errata/RHSA-2014-1764.html
- https://rhn.redhat.com/errata/RHSA-2014-1955.html
Frequently Asked Questions
What is the severity of CVE-2014-4877?
CVE-2014-4877 has a severity rating that indicates a high risk due to potential arbitrary file writing and code execution.
How do I fix CVE-2014-4877?
To fix CVE-2014-4877, upgrade GNU Wget to version 1.16 or later.
Which versions of GNU Wget are affected by CVE-2014-4877?
CVE-2014-4877 affects GNU Wget versions prior to 1.16, specifically versions 1.15 and lower.
What type of vulnerability is CVE-2014-4877?
CVE-2014-4877 is classified as an absolute path traversal vulnerability leading to potential code execution.
Can CVE-2014-4877 be exploited remotely?
Yes, CVE-2014-4877 can be exploited remotely via malicious FTP servers using specially crafted LIST responses.
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-4877
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/weakness
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/gnu
- canonical/wget
- version/wget/1.15
- version/wget/1.12
- version/wget/1.13
- version/wget/1.13.1
- version/wget/1.13.2
- version/wget/1.13.3
- version/wget/1.13.4
- version/wget/1.14