Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

CVE-2014-4877: Wget FTP Symlink Attack Vulnerability


Crypto

Recommended Posts

 

 

linux-wget-symlink-hacking-exploit.png
The open-source Wget application which is most widely used on Linux and Unix systems for retrieving files from the web has found vulnerable to a critical flaw.
 
GNU Wget is a command-line utility designed to retrieve files from the Web using HTTP, HTTPS, and FTP, the most widely used Internet protocols. Wget can be easily installed on any Unix-like system and has been ported to many environments, including Microsoft Windows, Mac OS X, OpenVMS, MorphOS and AmigaOS.
 
When a recursive directory fetch over FTP server as the target, it would let an attacker "create arbitrary files, directories or symbolic links" due to a symlink flaw.
 
 

IMPACT OF SYMLINK ATTACK

"

It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP

," developer Vasyl Kaigorodov wrote in a Red Hat Bugzilla 

comment

.

A remote unauthenticated malicious FTP server connected to the victim via wget would allow attackers to do anything they wanted. Wget could download and create or overwrite existing files within the context of the user running wget.
 
The vulnerability was first reported to the GNU Wget project by HD Moore, chief research officer at Rapid7. and is publicly identified as CVE-2014-4877. The flaw is considered critical since wget is present on nearly every Linux server in the world, and is installable (although not by default) on OS X machines as well, so needs a patch as soon as possible.
 
PATCH AVAILABLE

"

This flaw can lead to remote code execution through system-level vectors such as cron and user-level vectors such as bash profile files and SSH authorized_keys

," Moore wrote.

The vulnerability has now been fixed by the Wget project in wget 1.16, which blocks the default setting that allowed the setting of local symlinks.

"

Upgrade to wget version 1.16 or a package that has backported the CVE-2014-4877 patch

," Moore said.

WORKAROUND AVAILABLE EXPLOIT

"

This issue can be mitigated by ensuring that all invocations of wget in the mirror mode also specify --retr-symlinks command line option

," wrote Tomas Hoger on the Bugzilla report. "

Doing so is equivalent to applying the upstream commit linked in comment 14, which changes the default for the retr-symlinks options from off/no to on/yes, preventing creation of symbolic links locally.

"

"

In addition to changing arguments in all scripts or programs that invoke wget, it is possible to enabled[sic] retr-symlinks option via wget configuration file - either global /etc/wgetrc, or user specific ~/.wgetrc - by adding the line: retr-symlinks=on

"

An exploit for the vulnerability is now available on the open-source Metasploit penetration testing Website, so that security researchers could test the bug. You can download the exploit from here. 
                Add Rep and Leave a feedback
                      Reputation is the green button in the down right corner on my post

 

do you understand            if you having fun?                  it's a rising sun                           it's a man killing                              what's that feelin'

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...