[Tails-dev] wget prior to 1.16 allows for a web server to wr…
Català
Dansk
Deutsch
Ελληνικά
English
Español
suomi
Français
Galego
magyar
Italiano
日本語
Nederlands
Polski
Português
Português Brasileiro
Aquest missatge és part del següent fil:
l'arbre de fils complet ordenat per data
sajolida en
2014-10-30 09:17
Autor:
cartoon reality
Data:
2014-10-29 08:19
UTC
A:
tails-dev
Assumpte:
[Tails-dev] wget prior to 1.16 allows for a web server to write arbitrary files onthe client
wget prior to 1.16 allows for a web server to write arbitrary files on the client side.
A Metasploit module is available for testing:
https://github.com/rapid7/metasploit-framework/pull/4088
the disclosure is here:
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
Redhat's bug is here:
https://bugzilla.redhat.com/show_bug.cgi?id=1139181