GLSA-201110-10 : Wget: User-assisted file creation or overwrite

Medium Nessus Plugin ID 56503


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-201110-10 (Wget: User-assisted file creation or overwrite)

It was discovered that Wget was unsafely trusting server-provided filenames. This allowed attackers to overwrite or create files on the user's system by sending a redirect from the expected URL to another URL specifying the targeted file.

Impact :

An unauthenticated remote attacker may be able to create or overwrite local files by enticing the user to open an attacker-controlled URL, possibly leading to execution of arbitrary code.

Workaround :

There is no known workaround at this time.


All Wget users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-misc/wget-1.12-r2'

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 19, 2010. It is likely that your system is already no longer affected by this issue.

Plugin Details

Severity: Medium

ID: 56503

File Name: gentoo_GLSA-201110-10.nasl

Version: $Revision: 1.5 $

Type: local

Published: 2011/10/14

Modified: 2016/04/28

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:wget, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/10/13

Reference Information

CVE: CVE-2010-2252

OSVDB: 66109

GLSA: 201110-10