Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-4877

Disclosure Date: October 29, 2014
CVE-2014-4877
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
auxiliary/server/wget_symlink_file_write
Reporter
Unknown

Vendors

  • gnu

Products

  • wget,
  • wget 1.12,
  • wget 1.13,
  • wget 1.13.1,
  • wget 1.13.2,
  • wget 1.13.3,
  • wget 1.13.4,
  • wget 1.14

References

Canonical
CVE-2014-4877 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877)
BID-70751 (http://www.securityfocus.com/bid/70751)
Advisory
http://git.savannah.gnu.org/cgit/wget.git/commit?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0
GLSA-201411-05 (http://security.gentoo.org/glsa/glsa-201411-05.xml)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
[bug-wget] 20141027 GNU wget 1.16 released (http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html)
USN-2393-1 (http://www.ubuntu.com/usn/USN-2393-1)
http://www.mandriva.com/security/advisories?name=MDVSA-2015:121
http://rhn.redhat.com/errata/RHSA-2014-1955.html
DSA-3062 (http://www.debian.org/security/2014/dsa-3062)
http://git.savannah.gnu.org/cgit/wget.git/commit?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
VU#685996 (http://www.kb.cert.org/vuls/id/685996)
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
http://rhn.redhat.com/errata/RHSA-2014-1764.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
https://bugzilla.redhat.com/show_bug.cgi?id=1139181
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
http://advisories.mageia.org/MGASA-2014-0431.html
Miscellaneous
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
https://github.com/rapid7/metasploit-framework/pull/4088

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis