Lucene search
GoogleOSV:DSA-209HistoryDec 12, 2002 - 12:00 a.m.
wget - directory traversal
2002-12-1200:00:00
Google
osv.dev
16
EPSS
0.064
Percentile
93.7%
Two problems have been found in the wget package as distributed in
Debian GNU/Linux:
- Stefano Zacchiroli found a buffer overrun in the url_filename function,
which would make wget segfault on very long URLs - Steven M. Christey discovered that wget did not verify the FTP server
response to a NLST command: it must not contain any directory information,
since that can be used to make an FTP client overwrite arbitrary files.
Both problems have been fixed in version 1.5.3-3.1 for Debian GNU/Linux
2.2/potato and version 1.8.1-6.1 for Debian GNU/Linux 3.0/woody.
References
Related
debiancve
debiancve
CVE-2002-1344
2002-12-18 05:00:00
nessus
nessus
Mandrake Linux Security Advisory : wget (MDKSA-2002:086)
2004-07-31 00:00:00
RHEL 2.1 : wget (RHSA-2002:256)
2004-07-06 00:00:00
Debian DSA-209-1 : wget - directory traversal
2004-09-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 209-1 (wget)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-209)
2008-01-17 00:00:00
nvd
nvd
CVE-2002-1344
2002-12-18 05:00:00
cert
cert
wget contains directory traversal vulnerability
2002-12-10 00:00:00
redhat
redhat
(RHSA-2002:256) wget security update
2003-02-06 00:00:00
cvelist
cvelist
CVE-2002-1344
2002-12-11 05:00:00
cve
cve
CVE-2002-1344
2002-12-18 05:00:00
securityvulns
securityvulns
Directory Traversal Vulnerabilities in FTP Clients
2002-12-11 00:00:00
[NEWS] Directory Traversal Vulnerabilities in FTP Clients
2002-12-11 00:00:00
debian
debian
[SECURITY] [DSA-209-1] two wget problems
2002-12-12 22:49:14