Mandrake Linux Security Advisory : wget (MDKSA-2005:204)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Hugo Vazquez Carames discovered a race condition when writing output
files in wget. After wget determined the output file name, but before
the file was actually opened, a local attacker with write permissions
to the download directory could create a symbolic link with the name
of the output file. This could be exploited to overwrite arbitrary
files with the permissions of the user invoking wget. The time window
of opportunity for the attacker is determined solely by the delay of
the first received data packet.

The updated packages have been patched to correct this issue.
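
The check-then-open pattern described above, next to an atomic exclusive create, as an added example (not wget's code and not the Mandrake patch). The function names, the temporary directory and the protected.txt / index.html files are constructed for illustration, and the symlink step is called inline to stand in for the delay window.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
static char protected_file[64];  /* constructed stand-in for a file the invoking user can write */

/* Stands in for the window: the chosen output name turns into a symlink. */
static void name_becomes_symlink(const char *out) { if (symlink(protected_file, out)) perror("symlink"); }

/* Pattern from the advisory: name checked first, file opened later. */
static int open_check_then_open(const char *out) {
    struct stat st;
    if (lstat(out, &st) == 0) return -1;   /* name already in use */
    name_becomes_symlink(out);             /* gap between check and open */
    return open(out, O_WRONLY | O_CREAT | O_TRUNC, 0644);  /* follows the link */
}

/* Hardened form: O_CREAT|O_EXCL checks and creates in one call and fails with
 * EEXIST if the name exists, even as a symlink, which is never followed. */
static int open_exclusive(const char *out) {
    name_becomes_symlink(out);
    return open(out, O_WRONLY | O_CREAT | O_EXCL, 0644);
}

/* Runs one variant; returns protected file size after (5 intact, 0 truncated), errno via *open_errno. */
long run_case(int exclusive, int *open_errno) {
    char dir[] = "/tmp/toctou-XXXXXX", out[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(protected_file, sizeof protected_file, "%s/protected.txt", dir);
    snprintf(out, sizeof out, "%s/index.html", dir);
    FILE *f = fopen(protected_file, "w");
    if (!f || fputs("keep\n", f) < 0 || fclose(f) != 0) return -1;
    int fd = exclusive ? open_exclusive(out) : open_check_then_open(out);
    *open_errno = fd < 0 ? errno : 0;      /* 0 means open() succeeded */
    if (fd >= 0) close(fd);
    long size = stat(protected_file, &st) == 0 ? (long)st.st_size : -1;
    unlink(out); unlink(protected_file); rmdir(dir);
    return size;
}

int main(void) {
    int e1, e2;
    long a = run_case(0, &e1), b = run_case(1, &e2);
    printf("check-then-open: %ld bytes left; O_EXCL: %ld bytes left (errno %d)\n", a, b, e2);
    return 0;
}
```

With the exclusive create the caller sees EEXIST and can pick another output name instead of writing through the link.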

Solution :

Update the affected wget package.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 20128 (mandrake_MDKSA-2005-204.nasl)

Bugtraq ID:

CVE ID: CVE-2004-2014
