icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Wget < 1.5.4 Symlink Permission Modification

Medium

Synopsis

N/A

Description

The remote host is using a version of wget that contains a bug that may make it chmod downloaded symlinks when the option -N is used. An attacker may use this flaw by setting up a rogue FTP server with a symlink pointing to sensitive files.

Solution

Upgrade to Wget 1.5.4 or higher.