Wget < 1.5.4 Symlink Permission Modification

Medium Nessus Network Monitor Plugin ID 1743

Synopsis

The remote host is using a version of wget that contains a bug that may make it chmod downloaded symlinks when the option -N is used.

Description

The remote host is using a version of wget that contains a bug that may make it chmod downloaded symlinks when the option -N is used. An attacker may use this flaw by setting up a rogue FTP server with a symlink pointing to sensitive files.

Solution

Upgrade to Wget 1.5.4 or higher.

Plugin Details

Severity: Medium

ID: 1743

Family: Web Clients

Published: 2004/08/20

Modified: 2016/02/05

Dependencies: 1735, 8314

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: cpe:/a:gnu:wget

Reference Information

BID: 1299