wget: arbitrary filesystem access

ID ASA-201410-14
Type archlinux
Reporter Arch Linux
Modified 2014-10-29T00:00:00


It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP.

By default, when retrieving FTP directories recursively and a symbolic link is encountered, the symbolic link is traversed and the pointed-to files are retrieved. This option poses a security risk where a malicious FTP server may cause Wget to write to files outside of the intended directories through a specially crafted .listing file.
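A defensive check for the issue described above, added here as an example and not taken from the advisory or from wget: it audits a saved .listing file for symbolic-link entries whose targets resolve outside the download root. It assumes a Unix `ls -l` style listing; the function names and the sample listing are constructed for illustration.

```python
import posixpath

# Constructed sample of a Unix-style .listing file (not real server output).
SAMPLE_LISTING = """\
drwxr-xr-x   2 ftp  ftp   4096 Oct 20  2014 pub
-rw-r--r--   1 ftp  ftp    512 Oct 20  2014 README
lrwxrwxrwx   1 ftp  ftp      6 Oct 20  2014 latest -> pub/v2
lrwxrwxrwx   1 ftp  ftp      9 Oct 20  2014 up -> ../../tmp
lrwxrwxrwx   1 ftp  ftp      4 Oct 20  2014 abs -> /tmp
"""


def symlink_entries(listing_text):
    """Yield (name, target) for each symlink line in an `ls -l` style listing."""
    for line in listing_text.splitlines():
        # perms, links, owner, group, size, month, day, time/year, "name -> target"
        fields = line.split(None, 8)
        if len(fields) < 9 or not fields[0].startswith("l"):
            continue
        name, sep, target = fields[8].partition(" -> ")
        if sep:
            yield name, target.strip()


def escapes_root(directory, target):
    """True if a link stored in `directory` (relative to the download root,
    "" for the root itself) points outside that root."""
    if target.startswith("/"):
        # An absolute target refers to the local filesystem, never the mirror.
        return True
    resolved = posixpath.normpath(posixpath.join(directory, target))
    return resolved == ".." or resolved.startswith("../")


def audit_listing(listing_text, directory=""):
    """Return the (name, target) pairs that would leave the download root."""
    return [(name, target)
            for name, target in symlink_entries(listing_text)
            if escapes_root(directory, target)]


if __name__ == "__main__":
    for name, target in audit_listing(SAMPLE_LISTING):
        print(f"suspicious symlink: {name} -> {target}")
```
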