Document multiple vulnerabilities in wget.

svn path=/head/; revision=124017
2024-12-11 02:50:24 +00:00 · 2004-12-14 17:55:51 +00:00 · 2004-12-14 17:55:51 +00:00 · 560c745a50 · 2021-03-31 03:12:20 +00:00
commit 560c745a50
parent 0ae2f52564
1 changed files with 44 additions and 0 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -32,6 +32,50 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="06f142ff-4df3-11d9-a9e7-0001020eed82">
+    <topic>wget -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wget</name>
+	<name>wget+ipv6</name>
+	<name>wget-devel</name>
+	<name>wgetpro</name>
+	<range><ge>0</ge></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jan Minar reports that there exists multiple
+	  vulnerabilities in wget:</p>
+	<blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110269474112384">
+	  <p>Wget erroneously thinks that the current directory is a
+            fair game, and will happily write in any file in and below
+            it.  Malicious HTTP response or malicious HTML file can
+            redirect wget to a file that is vital to the system, and
+            wget will create/append/overwrite it.</p>
+	  <p>Wget apparently has at least two methods of
+            ``sanitizing'' the potentially malicious data it receives
+            from the HTTP stream, therefore a malicious redirects can
+            pass the check.  We haven't find a way to trick wget into
+            writing above the parent directory, which doesn't mean
+            it's not possible.</p>
+	  <p>Malicious HTTP response can overwrite parts of the
+            terminal so that the user will not notice anything wrong,
+            or will believe the error was not fatal.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <bid>11871</bid>
+      <mlist msgid="20041209091438.GA15010@kontryhel.haltyr.dyndns.org">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110269474112384</mlist>
+      <url>http://bugs.debian.org/261755</url>
+    </references>
+    <dates>
+      <discovery>2004-12-09</discovery>
+      <entry>2004-12-14</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="4593cb09-4c81-11d9-983e-000c6e8f12ef">
    <topic>konqueror -- Password Disclosure for SMB Shares</topic>
    <affects>