FKIE_CVE-2014-4877

Vulnerability from fkie_nvd - Published: 2014-10-29 10:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
References
cret@cert.orghttp://advisories.mageia.org/MGASA-2014-0431.html
cret@cert.orghttp://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
cret@cert.orghttp://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0Patch
cret@cert.orghttp://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.htmlPatch
cret@cert.orghttp://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
cret@cert.orghttp://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
cret@cert.orghttp://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
cret@cert.orghttp://rhn.redhat.com/errata/RHSA-2014-1764.html
cret@cert.orghttp://rhn.redhat.com/errata/RHSA-2014-1955.html
cret@cert.orghttp://security.gentoo.org/glsa/glsa-201411-05.xml
cret@cert.orghttp://www.debian.org/security/2014/dsa-3062
cret@cert.orghttp://www.kb.cert.org/vuls/id/685996Patch, US Government Resource
cret@cert.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2015:121
cret@cert.orghttp://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
cret@cert.orghttp://www.securityfocus.com/bid/70751
cret@cert.orghttp://www.ubuntu.com/usn/USN-2393-1
cret@cert.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1139181Patch
cret@cert.orghttps://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-accessExploit
cret@cert.orghttps://github.com/rapid7/metasploit-framework/pull/4088Exploit
cret@cert.orghttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
cret@cert.orghttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
cret@cert.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10106
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0431.html
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1764.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1955.html
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201411-05.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3062
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/685996Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:121
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/70751
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2393-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1139181Patch
af854a3a-2127-422b-91ae-364da2661108https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-accessExploit
af854a3a-2127-422b-91ae-364da2661108https://github.com/rapid7/metasploit-framework/pull/4088Exploit
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10106
Impacted products
Vendor Product Version
gnu wget *
gnu wget 1.12
gnu wget 1.13
gnu wget 1.13.1
gnu wget 1.13.2
gnu wget 1.13.3
gnu wget 1.13.4
gnu wget 1.14
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC092879-65CD-4F25-80DA-70514D6B2A6E",
              "versionEndIncluding": "1.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E5E724-5DC7-4264-BF3D-27CFB093AC03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D42285-E640-4EF9-8E1A-072C77F6A9C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB7F0263-11A7-4E85-8A5D-FB41F6CDF784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "244D4F9A-4697-4DF2-9590-36203F19DA63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE195AF-F305-4B47-8047-C20B1CB6BF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC6F6840-CAA0-422D-89CF-920D8314A27B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D225A5FC-7BA8-4DD8-9A9F-6AAA3D15A8A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de ruta absoluta en GNU Wget anterior a 1.16, cuando la recursi\u00f3n esta habilitada, permite a servidores FTP remotos escribir a ficheros arbitrarios, y como consecuencia ejecutar c\u00f3digo arbitrario, a trav\u00e9s de una respuesta LIST que hace referencia al mismo nombre de fichero dentro de dos entradas, una de las cuales indica que el nombre de fichero es para un enlace simb\u00f3lico."
    }
  ],
  "id": "CVE-2014-4877",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-29T10:55:05.417",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://advisories.mageia.org/MGASA-2014-0431.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1764.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1955.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://security.gentoo.org/glsa/glsa-201411-05.xml"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.debian.org/security/2014/dsa-3062"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/685996"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:121"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/70751"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.ubuntu.com/usn/USN-2393-1"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139181"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/4088"
    },
    {
      "source": "cret@cert.org",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
    },
    {
      "source": "cret@cert.org",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "cret@cert.org",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0431.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1764.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1955.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201411-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/685996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2393-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/4088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10106"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.