Signature Detail

HTTP: Wget HTTP Redirect Directory Traversal

This signature detects attempts to exploit a known vulnerability against GNU Wget. GNU Wget versions 1.9.1 and earlier are vulnerable. Attackers, sending an HTTP Redirect response by a malicious server, can use the client to execute arbitrary commands.

Extended Description

Multiple remote vulnerabilities reportedly affect GNU wget. These issues are due to the application's failure to properly sanitize user-supplied input and to properly validate the presence of files before writing to them. The issues include: - a potential directory-traversal issue - an arbitrary file-overwriting vulnerability - a weakness caused by the application's failure to filter potentially malicious characters from server-supplied input. Via a malicious server, an attacker may exploit these issues to arbitrarily overwrite files within the current directory and potentially outside of it. This may let the attacker corrupt files, cause a denial of service, and possibly launch further attacks against the affected computer. Overwriting of files would take place with the privileges of the user that activates the vulnerable application.

Affected Products

• Conectiva Linux 10.0.0
• Conectiva Linux 9.0.0
• GNU wget 1.8.0
• GNU wget 1.8.1
• GNU wget 1.8.2
• GNU wget 1.9.0
• GNU wget 1.9.1
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• Red Hat Desktop 3.0.0
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux AS 2.1 IA64
• Red Hat Enterprise Linux AS 3
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux ES 2.1 IA64
• Red Hat Enterprise Linux ES 3
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux WS 2.1
• Red Hat Enterprise Linux WS 2.1 IA64
• Red Hat Enterprise Linux WS 3
• Red Hat Enterprise Linux WS 4
• SuSE Linux 8.0.0
• SuSE Linux 8.0.0 i386
• SuSE Linux 8.1.0
• SuSE Linux Openexchange Server
• SuSE Linux Personal 10.0.0 OSS
• SuSE Linux Personal 10.1
• SuSE Linux Personal 8.2.0
• SuSE Linux Personal 9.0.0
• SuSE Linux Personal 9.0.0 X86 64
• SuSE Linux Personal 9.1.0
• SuSE Linux Personal 9.2.0
• SuSE Linux Professional 10.0.0
• SuSE Linux Professional 10.0.0 OSS
• SuSE Linux Professional 10.1
• SuSE Novell Linux Desktop 9.0.0
• SuSE SUSE Linux Enterprise Desktop 10
• SuSE SUSE Linux Enterprise Server 10
• SuSE SUSE Linux Enterprise Server 9
• Trustix Secure Enterprise Linux 2.0.0
• Trustix Secure Linux 2.1.0
• Trustix Secure Linux 2.2.0
• Turbolinux Appliance Server 1.0.0 Hosting Edition
• Turbolinux Appliance Server 1.0.0 Workgroup Edition
• Turbolinux Home
• Turbolinux Turbolinux Desktop 10.0.0
• Turbolinux Turbolinux Server 10.0.0
• Turbolinux Turbolinux Server 7.0.0
• Turbolinux Turbolinux Server 8.0.0
• Turbolinux Turbolinux Workstation 7.0.0
• Turbolinux Turbolinux Workstation 8.0.0
• Ubuntu Ubuntu Linux 4.1.0 Ia32
• Ubuntu Ubuntu Linux 4.1.0 Ia64
• Ubuntu Ubuntu Linux 4.1.0 Ppc
• Ubuntu Ubuntu Linux 5.0.0 4 Amd64
• Ubuntu Ubuntu Linux 5.0.0 4 I386
• Ubuntu Ubuntu Linux 5.0.0 4 Powerpc

References

• BugTraq: 11871
• CVE: CVE-2004-1487
• URL: http://www.gnu.org/software/wget/wget.html
• URL: http://www.securityfocus.com/archive/1/383998
• URL: http://www.milw0rm.com/id.php?id=689