FreeBSD : wget -- path traversal vulnerability in recursive FTP mode (ee7b4f9d-66c8-11e4-9ae1-e8e0b722a85e)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

MITRE reports :

Absolute path traversal vulnerability in GNU Wget before 1.16, when
recursion is enabled, allows remote FTP servers to write to arbitrary
files, and consequently execute arbitrary code, via a LIST response
that references the same filename within two entries, one of which
indicates that the filename is for a symlink.

See also :

http://www.nessus.org/u?457406a6

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 79079

Bugtraq ID:

CVE ID: CVE-2014-4877
