Mandriva Linux Security Advisory 2010-170 - GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
7e88aed1075989ac769d24f2faa6e97354507085f73aec9d9b3c569aa00eb29c
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:170
https://www.mandriva.com/security/
_______________________________________________________________________
Package : wget
Date : September 2, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in wget:
GNU Wget 1.12 and earlier uses a server-provided filename instead of
the original URL to determine the destination filename of a download,
which allows remote servers to create or overwrite arbitrary files
via a 3xx redirect to a URL with a .wgetrc filename followed by a
3xx redirect to a URL with a crafted filename, and possibly execute
arbitrary code as a consequence of writing to a dotfile in a home
directory (CVE-2010-2252).
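The flaw class above is a client letting the server choose where a download lands. The following added example (it is not code from the advisory or from GNU Wget) contrasts a naive destination-name routine, which trusts the server-supplied name, with a hardened one that derives the name from the URL the user asked for and accepts only a single, non-hidden path component. The URLs, header values and function names are constructed for illustration; only the HTTP header names are real.

```python
"""Added example, not part of the advisory or of GNU Wget.

Shows why trusting a server-supplied filename (Content-Disposition or the
final redirect target) is dangerous and how a client can constrain the
destination name. All sample URLs and values below are constructed."""
import os
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: what the user asked for, where the server redirected,
# and the headers on the final response.
ORIGINAL_URL = "http://example.invalid/download/report.pdf"
FINAL_URL = "http://example.invalid/.wgetrc"
FINAL_HEADERS = {"Content-Disposition": 'attachment; filename=".wgetrc"'}

FALLBACK_NAME = "index.html"


def naive_destination(final_url, headers):
    """Flawed behaviour class: use whatever name the server ends up supplying,
    either from Content-Disposition or from the last redirect target."""
    match = re.search(r'filename="?([^";]+)"?', headers.get("Content-Disposition", ""))
    if match:
        return match.group(1)
    return posixpath.basename(urlsplit(final_url).path) or FALLBACK_NAME


def safe_destination(original_url, final_url, headers, trust_server_names=False):
    """Hardened selection: default to the name in the URL the user requested;
    only use server names if the caller opts in. In both cases the result
    must be one plain, non-hidden path component, otherwise fall back."""
    if trust_server_names:
        candidate = naive_destination(final_url, headers)
    else:
        candidate = posixpath.basename(urlsplit(original_url).path)
    # Decode percent-encoding first so "%2e%2e%2f" cannot slip past the checks.
    candidate = unquote(candidate)
    if (
        not candidate
        or candidate.startswith(".")          # dotfiles such as .wgetrc, .bashrc
        or "\x00" in candidate                # embedded NUL
        or os.path.basename(candidate) != candidate  # any separator / traversal
        or "/" in candidate or "\\" in candidate
    ):
        return FALLBACK_NAME
    return candidate


if __name__ == "__main__":
    print("naive :", naive_destination(FINAL_URL, FINAL_HEADERS))
    print("safe  :", safe_destination(ORIGINAL_URL, FINAL_URL, FINAL_HEADERS))
    print("opt-in:", safe_destination(ORIGINAL_URL, FINAL_URL, FINAL_HEADERS, trust_server_names=True))
```

Even when a caller opts in to server-provided names (the equivalent of a "trust server names" switch), the hardened routine still refuses dotfiles and multi-component paths, so a redirect chain like the one in the advisory degrades to a harmless fallback name instead of a file in the home directory.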
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
https://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2252
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
2f1452708ed6febe407e1c116158bd53 2008.0/i586/wget-1.10.2-6.2mdv2008.0.i586.rpm
21dd2f19ceeb8b36ab09963eda907d0b 2008.0/SRPMS/wget-1.10.2-6.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
befd1e73b9ffd3d01d75e7bc9bc63bcc 2008.0/x86_64/wget-1.10.2-6.2mdv2008.0.x86_64.rpm
21dd2f19ceeb8b36ab09963eda907d0b 2008.0/SRPMS/wget-1.10.2-6.2mdv2008.0.src.rpm
Mandriva Linux 2009.0:
355096fbe1677276227ea873583693b0 2009.0/i586/wget-1.11.4-1.2mdv2009.0.i586.rpm
cdf5a30faa17484a2866837e08b3550f 2009.0/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
a4085e07b09d67b8f295584ab35ddfbc 2009.0/x86_64/wget-1.11.4-1.2mdv2009.0.x86_64.rpm
cdf5a30faa17484a2866837e08b3550f 2009.0/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
d3d6016f347ac5d7b01edbb7b6c5cd5f 2009.1/i586/wget-1.11.4-2.2mdv2009.1.i586.rpm
9d8270a9b8de5d56f44a44c93e8011ed 2009.1/SRPMS/wget-1.11.4-2.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
940dd4720eb792e825dfa68997df35be 2009.1/x86_64/wget-1.11.4-2.2mdv2009.1.x86_64.rpm
9d8270a9b8de5d56f44a44c93e8011ed 2009.1/SRPMS/wget-1.11.4-2.2mdv2009.1.src.rpm
Mandriva Linux 2010.0:
798c72df6dcbba66b6a8a84ed39da2f8 2010.0/i586/wget-1.12-1.1mdv2010.0.i586.rpm
b907b039a3103699de15cfc8e4dd895b 2010.0/SRPMS/wget-1.12-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
02ec17f7b8fe8d4b32d0ecd1578e8e9f 2010.0/x86_64/wget-1.12-1.1mdv2010.0.x86_64.rpm
b907b039a3103699de15cfc8e4dd895b 2010.0/SRPMS/wget-1.12-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
b670d7af035db4c61a1dc925bd2586cf 2010.1/i586/wget-1.12-4.1mdv2010.1.i586.rpm
d237c820d5bd93b560c0c370bf645607 2010.1/SRPMS/wget-1.12-4.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
1d4e7f9d9fd44937207e1f9905ac2d99 2010.1/x86_64/wget-1.12-4.1mdv2010.1.x86_64.rpm
d237c820d5bd93b560c0c370bf645607 2010.1/SRPMS/wget-1.12-4.1mdv2010.1.src.rpm
Corporate 4.0:
de7e81f0336ff2366876ae2ff334c03a corporate/4.0/i586/wget-1.10-1.4.20060mlcs4.i586.rpm
1e64e31099b37e35e23b6aa64c6618fe corporate/4.0/SRPMS/wget-1.10-1.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
38bc352a335d0ab431b76c6889b020ec corporate/4.0/x86_64/wget-1.10-1.4.20060mlcs4.x86_64.rpm
1e64e31099b37e35e23b6aa64c6618fe corporate/4.0/SRPMS/wget-1.10-1.4.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
c079b55002ddd85953d889e8636f69e0 mes5/i586/wget-1.11.4-1.2mdvmes5.1.i586.rpm
d5b1e38ec6dc55ff0edfb9d07ff4551b mes5/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm
3d8118d89968bc2fd0fe68455362494a mes5/SRPMS/wget-1.11.4-1.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
63c67375cbc4539a081d7563bd7ddb79 mes5/x86_64/wget-1.11.4-1.2mdvmes5.1.x86_64.rpm
d5b1e38ec6dc55ff0edfb9d07ff4551b mes5/SRPMS/wget-1.11.4-1.2mdv2009.0.src.rpm
3d8118d89968bc2fd0fe68455362494a mes5/SRPMS/wget-1.11.4-1.2mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
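For administrators who fetch packages by hand rather than through urpmi, the md5 values in the "Updated Packages" section can be checked directly. The following added example (not Mandriva's tooling) parses advisory lines of the form "md5 path", hashes a file on disk and reports whether it matches. The two package lines embedded below are copied from this advisory; the sample file contents written during the self-check are constructed and therefore will not match the real rpm digests. An md5 match is only a transfer-integrity check; the GPG signature on the package remains the authenticity check.

```python
"""Added example, not part of the advisory or of Mandriva's update tools.

Checks downloaded package files against the md5 values listed in an
advisory. The package lines are copied from MDVSA-2010:170; the sample
file contents in self_check() are constructed."""
import hashlib
import os
import re
import tempfile

ADVISORY_PACKAGE_LINES = """
Mandriva Linux 2010.1:
b670d7af035db4c61a1dc925bd2586cf 2010.1/i586/wget-1.12-4.1mdv2010.1.i586.rpm
d237c820d5bd93b560c0c370bf645607 2010.1/SRPMS/wget-1.12-4.1mdv2010.1.src.rpm
"""

# One 32-hex-digit md5, whitespace, then a path ending in .rpm.
PKG_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")


def parse_package_hashes(text):
    """Return {package file name: expected md5} from advisory text;
    headings and other lines are ignored."""
    expected = {}
    for line in text.splitlines():
        match = PKG_LINE.match(line.strip())
        if match:
            expected[os.path.basename(match.group(2))] = match.group(1)
    return expected


def md5_of_file(path, chunk_size=65536):
    """Stream the file so large rpms are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_package(path, expected):
    """'ok' if the file's md5 matches the advisory, 'mismatch' if it does
    not, 'unknown' if the advisory does not list that file name."""
    name = os.path.basename(path)
    if name not in expected:
        return "unknown"
    return "ok" if md5_of_file(path) == expected[name] else "mismatch"


def self_check():
    """Exercise all three outcomes on constructed files in a temp dir."""
    expected = parse_package_hashes(ADVISORY_PACKAGE_LINES)
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed contents: a real rpm would carry the advisory's digest.
        listed = os.path.join(workdir, "wget-1.12-4.1mdv2010.1.i586.rpm")
        with open(listed, "wb") as handle:
            handle.write(b"constructed sample, not a real rpm\n")
        results["listed_but_wrong"] = verify_package(listed, expected)

        unlisted = os.path.join(workdir, "not-in-advisory.rpm")
        with open(unlisted, "wb") as handle:
            handle.write(b"constructed sample\n")
        results["unlisted"] = verify_package(unlisted, expected)

        # A locally computed digest shows the matching path works too.
        matching = {os.path.basename(listed): md5_of_file(listed)}
        results["listed_and_right"] = verify_package(listed, matching)
    return results


if __name__ == "__main__":
    for outcome, status in self_check().items():
        print(f"{outcome}: {status}")
```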
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMf/BhmqjQ0CJFipgRAn0dAKCiHbjaDcjp9KH55a/7Srbgpy3A1ACfUGHR
Plzv1YaAjqNBe/kQDTFjFIM=
=WofG
-----END PGP SIGNATURE-----