Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wget | Gnu | 1.5.3 (including) | 1.5.3 (including) |
Wget | Gnu | 1.6 (including) | 1.6 (including) |
Wget | Gnu | 1.7 (including) | 1.7 (including) |
Wget | Gnu | 1.7.1 (including) | 1.7.1 (including) |
Wget | Gnu | 1.8 (including) | 1.8 (including) |
Wget | Gnu | 1.8.1 (including) | 1.8.1 (including) |
Wget | Gnu | 1.8.2 (including) | 1.8.2 (including) |
Wget | Gnu | 1.9 (including) | 1.9 (including) |
Wget | Gnu | 1.9.1 (including) | 1.9.1 (including) |