[Tails-dev] SSD Advisory – Wget Arbitrary Commands Execution

This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Delete this message

Reply to this message
Author: Anonymous Remailer (austria)
Date:  
To: tails-dev
New-Topics: Re: [Tails-dev] SSD Advisory – Wget Arbitrary Commands Execution
Subject: [Tails-dev] SSD Advisory – Wget Arbitrary Commands Execution

"Vulnerability Description
A vulnerability in the way wget handles redirects allows attackers that are able to hijack a connection initiated by wget or compromise a server from which wget is downloading files from, would allow them to cause the user running wget to execute arbitrary commands. The commands are executed with the privileges with which wget is running. This could prove to be quite severe when wget is launched as ‘root’.

Vulnerable Version

Wget version 1.17 and prior"

More delish meaty bits:
https://blogs.securiteam.com/index.php/archives/2701

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] [GSoC] Tails Server - status report 4[Tails-dev] Onion service for labs.riseup.net->
lists.autistici.org administrated by postmasterLurker (version 2.3)