Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Wget < 1.5.4 Symlink Permission Modification

Medium

Synopsis

N/A

Description

The remote host is using a version of wget that contains a bug that may make it chmod downloaded symlinks when the option -N is used. An attacker may use this flaw by setting up a rogue FTP server with a symlink pointing to sensitive files.

Solution

Upgrade to Wget 1.5.4 or higher.