wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a .. that resolves to the IP address of the malicious server, which bypasses wgets filtering for .. sequences.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wget | Gnu | 1.8 (including) | 1.8 (including) |
Wget | Gnu | 1.8.1 (including) | 1.8.1 (including) |
Wget | Gnu | 1.8.2 (including) | 1.8.2 (including) |
Wget | Gnu | 1.9 (including) | 1.9 (including) |
Wget | Gnu | 1.9.1 (including) | 1.9.1 (including) |
Red Hat Enterprise Linux 3 | RedHat | wget-0:1.10.1-1.30E.1 | * |
Red Hat Enterprise Linux 4 | RedHat | wget-0:1.10.1-2.4E.1 | * |
Wget | Ubuntu | dapper | * |
Wget | Ubuntu | devel | * |
Wget | Ubuntu | edgy | * |
Wget | Ubuntu | feisty | * |