Mandrake Linux Security Advisory : wget (MDKSA-2002:086)
Medium Nessus Plugin ID 13984
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA vulnerability in all versions of wget prior to and including 1.8.2 was discovered by Steven M. Christey. The bug permits a malicious FTP server to create or overwriet files anywhere on the local file system by sending filenames beginning with '/' or containing '/../'. This can be used to make vulnerable FTP clients write files that can later be used for attack against the client machine.
SolutionUpdate the affected wget package.