Vulnerability Bulletins |
Race condition in Wget |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Integrity |
Difficulty | Beginner |
Required attacker level | Remote access with an account |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | wget 1.9, wget 1.9.1 |
Description |
|
A race condition vulnerability has been discovered in Wget versions 1.9 and 1.9.1. The vulnerability arises when a file is about to be downloaded and saved to disk: wget first checks that the file does not already exist (if it does, the file is saved under a different name), but between that check and the moment the downloaded file is written to disk there is a window of time that would allow a local attacker to mount a symbolic link attack, provided the file is saved in a directory where the attacker has write permission (for example /tmp). Exploiting this vulnerability could allow a local attacker to overwrite files with the permissions of the user who downloads a file with a vulnerable version of wget. |
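The bulletin describes a classic check-then-create (TOCTOU) window. The defensive fix is to collapse the existence check and the file creation into a single system call and to refuse a symbolic link at the final path component. The following is an added example written for this bulletin, not wget's own code: it assumes a POSIX system with `O_NOFOLLOW` (Linux), builds a private scratch directory under /tmp, plants a symlink at the intended download name pointing at a file that must stay intact, and shows that the atomic open refuses the link and falls through to the next free name. All paths and file names in it are constructed for the demo.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* mkdtemp, O_NOFOLLOW on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hardened replacement for "does it exist? ... later, open it":
 *   O_CREAT|O_EXCL  - creation and existence check are one atomic syscall,
 *                     and a pre-planted symlink makes open() fail with EEXIST;
 *   O_NOFOLLOW      - never follow a link at the last path component;
 *   fstat()         - confirm the descriptor really is a regular file.
 * Returns the descriptor, or -1 with errno set.
 */
int open_new_download_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Pick base, base.1, base.2, ... atomically instead of "exists? then open". */
int open_unique_download_file(const char *base, char *chosen, size_t chosen_len)
{
    for (int i = 0; i < 1000; i++) {
        if (i == 0)
            snprintf(chosen, chosen_len, "%s", base);
        else
            snprintf(chosen, chosen_len, "%s.%d", base, i);
        int fd = open_new_download_file(chosen);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)
            return -1;           /* a real error, not just a taken name */
    }
    errno = EEXIST;
    return -1;
}

/*
 * Constructed scenario: a symlink named like the download sits in a
 * world-writable-style directory and points at a file that must not change.
 * Returns 0 when the hardened open refuses the link, writes to the next free
 * name, and the protected file is untouched; otherwise the failing step number.
 */
int demo_symlink_is_refused(void)
{
    char dir[] = "/tmp/wget-race-demo-XXXXXX";   /* constructed scratch dir */
    if (!mkdtemp(dir))
        return 1;
    char target[256], link[256], chosen[256];
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(link, sizeof link, "%s/index.html", dir);

    int tfd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (tfd < 0) return 2;
    if (write(tfd, "keep", 4) != 4) { close(tfd); return 2; }
    close(tfd);
    if (symlink(target, link) != 0) return 3;

    /* Atomic open of the planted name must fail with EEXIST, not follow it. */
    int fd = open_new_download_file(link);
    if (fd >= 0) { close(fd); return 4; }
    if (errno != EEXIST) return 4;

    /* The unique-name variant skips it and lands on index.html.1. */
    fd = open_unique_download_file(link, chosen, sizeof chosen);
    if (fd < 0) return 5;
    if (write(fd, "new", 3) != 3) { close(fd); return 5; }
    close(fd);
    int ok = strcmp(chosen + strlen(dir) + 1, "index.html.1") == 0;

    /* The protected file must still hold its original four bytes. */
    struct stat st;
    if (stat(target, &st) != 0 || st.st_size != 4) ok = 0;

    unlink(chosen); unlink(link); unlink(target); rmdir(dir);
    return ok ? 0 : 6;
}
```

The important property is that there is no instruction between "check" and "create" for another process to race against; the kernel performs both inside one `open()`. The `fstat` after opening is a belt-and-braces check for the cases `O_NOFOLLOW` does not cover, such as a FIFO or device node planted under the expected name.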
|
Solution |
|
Software update.

Red Hat

Product | Architecture | Package |
Red Hat Desktop (v. 3) | SRPMS | wget-1.10.1-1.30E.1.src.rpm |
Red Hat Desktop (v. 3) | IA-32 | wget-1.10.1-1.30E.1.i386.rpm |
Red Hat Desktop (v. 3) | x86_64 | wget-1.10.1-1.30E.1.x86_64.rpm |
Red Hat Desktop (v. 4) | SRPMS | wget-1.10.1-2.4E.1.src.rpm |
Red Hat Desktop (v. 4) | IA-32 | wget-1.10.1-2.4E.1.i386.rpm |
Red Hat Desktop (v. 4) | x86_64 | wget-1.10.1-2.4E.1.x86_64.rpm |
Red Hat Enterprise Linux AS (v. 2.1) | SRPMS | wget-1.10.1-0.AS21.src.rpm |
Red Hat Enterprise Linux AS (v. 2.1) | IA-32 | wget-1.10.1-0.AS21.i386.rpm |
Red Hat Enterprise Linux AS (v. 2.1) | IA-64 | wget-1.10.1-0.AS21.ia64.rpm |
Red Hat Enterprise Linux AS (v. 3) | SRPMS | wget-1.10.1-1.30E.1.src.rpm |
Red Hat Enterprise Linux AS (v. 3) | IA-32 | wget-1.10.1-1.30E.1.i386.rpm |
Red Hat Enterprise Linux AS (v. 3) | IA-64 | wget-1.10.1-1.30E.1.ia64.rpm |
Red Hat Enterprise Linux AS (v. 3) | PPC | wget-1.10.1-1.30E.1.ppc.rpm |
Red Hat Enterprise Linux AS (v. 3) | s390 | wget-1.10.1-1.30E.1.s390.rpm |
Red Hat Enterprise Linux AS (v. 3) | s390x | wget-1.10.1-1.30E.1.s390x.rpm |
Red Hat Enterprise Linux AS (v. 3) | x86_64 | wget-1.10.1-1.30E.1.x86_64.rpm |
Red Hat Enterprise Linux AS (v. 4) | SRPMS | wget-1.10.1-2.4E.1.src.rpm |
Red Hat Enterprise Linux AS (v. 4) | IA-32 | wget-1.10.1-2.4E.1.i386.rpm |
Red Hat Enterprise Linux AS (v. 4) | IA-64 | wget-1.10.1-2.4E.1.ia64.rpm |
Red Hat Enterprise Linux AS (v. 4) | PPC | wget-1.10.1-2.4E.1.ppc.rpm |
Red Hat Enterprise Linux AS (v. 4) | s390 | wget-1.10.1-2.4E.1.s390.rpm |
Red Hat Enterprise Linux AS (v. 4) | s390x | wget-1.10.1-2.4E.1.s390x.rpm |
Red Hat Enterprise Linux AS (v. 4) | x86_64 | wget-1.10.1-2.4E.1.x86_64.rpm |
Red Hat Enterprise Linux ES (v. 2.1) | SRPMS | wget-1.10.1-0.AS21.src.rpm |
Red Hat Enterprise Linux ES (v. 2.1) | IA-32 | wget-1.10.1-0.AS21.i386.rpm |
Red Hat Enterprise Linux ES (v. 3) | SRPMS | wget-1.10.1-1.30E.1.src.rpm |
Red Hat Enterprise Linux ES (v. 3) | IA-32 | wget-1.10.1-1.30E.1.i386.rpm |
Red Hat Enterprise Linux ES (v. 3) | IA-64 | wget-1.10.1-1.30E.1.ia64.rpm |
Red Hat Enterprise Linux ES (v. 3) | x86_64 | wget-1.10.1-1.30E.1.x86_64.rpm |
Red Hat Enterprise Linux ES (v. 4) | SRPMS | wget-1.10.1-2.4E.1.src.rpm |
Red Hat Enterprise Linux ES (v. 4) | IA-32 | wget-1.10.1-2.4E.1.i386.rpm |
Red Hat Enterprise Linux ES (v. 4) | IA-64 | wget-1.10.1-2.4E.1.ia64.rpm |
Red Hat Enterprise Linux ES (v. 4) | x86_64 | wget-1.10.1-2.4E.1.x86_64.rpm |
Red Hat Enterprise Linux WS (v. 2.1) | SRPMS | wget-1.10.1-0.AS21.src.rpm |
Red Hat Enterprise Linux WS (v. 2.1) | IA-32 | wget-1.10.1-0.AS21.i386.rpm |
Red Hat Enterprise Linux WS (v. 3) | SRPMS | wget-1.10.1-1.30E.1.src.rpm |
Red Hat Enterprise Linux WS (v. 3) | IA-32 | wget-1.10.1-1.30E.1.i386.rpm |
Red Hat Enterprise Linux WS (v. 3) | IA-64 | wget-1.10.1-1.30E.1.ia64.rpm |
Red Hat Enterprise Linux WS (v. 3) | x86_64 | wget-1.10.1-1.30E.1.x86_64.rpm |
Red Hat Enterprise Linux WS (v. 4) | SRPMS | wget-1.10.1-2.4E.1.src.rpm |
Red Hat Enterprise Linux WS (v. 4) | IA-32 | wget-1.10.1-2.4E.1.i386.rpm |
Red Hat Enterprise Linux WS (v. 4) | IA-64 | wget-1.10.1-2.4E.1.ia64.rpm |
Red Hat Enterprise Linux WS (v. 4) | x86_64 | wget-1.10.1-2.4E.1.x86_64.rpm |
Red Hat Linux Advanced Workstation 2.1 Itanium | SRPMS | wget-1.10.1-0.AS21.src.rpm |
Red Hat Linux Advanced Workstation 2.1 Itanium | IA-64 | wget-1.10.1-0.AS21.ia64.rpm |

Mandriva

Product | Architecture | Package |
Mandrakelinux 10.1 | X86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/wget-1.9.1-4.3.101mdk.i586.rpm |
Mandrakelinux 10.1 | X86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/wget-1.9.1-4.3.101mdk.src.rpm |
Mandrakelinux 10.1 | X86_64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/wget-1.9.1-4.3.101mdk.x86_64.rpm |
Mandrakelinux 10.1 | X86_64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/wget-1.9.1-4.3.101mdk.src.rpm |
Corporate Server 3.0 | X86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/wget-1.9.1-4.3.C30mdk.i586.rpm |
Corporate Server 3.0 | X86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/wget-1.9.1-4.3.C30mdk.src.rpm |
Corporate Server 3.0 | X86_64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/wget-1.9.1-4.3.C30mdk.x86_64.rpm |
Corporate Server 3.0 | X86_64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/wget-1.9.1-4.3.C30mdk.src.rpm |
Multi Network Firewall 2.0 | X86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/wget-1.9.1-4.3.M20mdk.i586.rpm |
Multi Network Firewall 2.0 | X86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/wget-1.9.1-4.3.M20mdk.src.rpm |
Mandrivalinux LE2005 | X86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/wget-1.9.1-5.2.102mdk.i586.rpm |
Mandrivalinux LE2005 | X86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/wget-1.9.1-5.2.102mdk.src.rpm |
Mandrivalinux LE2005 | X86_64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/wget-1.9.1-5.2.102mdk.i586.rpm |
Mandrivalinux LE2005 | X86_64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/wget-1.9.1-5.2.102mdk.s |
|
Standard resources |
|
Property | Value |
CVE | CAN-2004-2014 |
BID | 10361 |
Other resources |
|
Resource | URL |
Wget discussion list | http://www.mail-archive.com/wget%40sunsite.dk/msg06449.html |
Wget discussion list | http://www.mail-archive.com/wget%40sunsite.dk/msg06451.html |
Red Hat Security Advisory (RHSA-2005:771-10) | https://rhn.redhat.com/errata/RHSA-2005-771.html |
Mandriva Security Advisory (MDKSA-2005:204) | http://www.mandriva.com/security/advisories?name=MDKSA-2005:204 |
Version history |
|
Version | Comments | Date |
1.0 | Advisory issued | 2004-05-18 |
2.0 | CAN added. Public exploit available. Advisory issued by Red Hat (RHSA-2005:771-10) | 2005-10-03 |
2.1 | Advisory issued by Mandriva (MDKSA-2005:204) | 2005-11-03 |