Symlink Attack Vulnerability in Wget by the Free Software Foundation
CVE-2004-2014

Currently unrated

Key Information:

Vendor: Gnu
Status: Wget
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2014?

Wget versions 1.9 and 1.9.1 are susceptible to a local file overwrite vulnerability due to a symlink attack. This occurs when an attacker creates a symbolic link that redirects files being downloaded. When Wget resolves the symlink, it may overwrite an arbitrary file specified by the attacker, potentially compromising system integrity. This flaw emphasizes the need for users to be aware of the implications of symlink use in environments where Wget is employed.

References

http://marc.info/?l=wget&m=108483270227139&w=2

mailing-listx_refsource_MLIST

http://www.redhat.com/support/errata/RHSA-2005-771.html

vendor-advisoryx_refsource_REDHAT

https://usn.ubuntu.com/145-1/

vendor-advisoryx_refsource_UBUNTU

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
Dec 31, 2004

Gnu

What is CVE-2004-2014?

References

Timeline