Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
wget.34428
wget-CVE-2014-4877.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File wget-CVE-2014-4877.patch of Package wget.34428
From 18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 Mon Sep 17 00:00:00 2001 From: Darshit Shah <darnir@gmail.com> Date: Sun, 07 Sep 2014 19:11:17 +0000 Subject: CVE-2014-4877: Arbitrary Symlink Access Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. This commit changes the default settings in Wget such that Wget no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval. The old behaviour can be attained by passing the --retr-symlinks=no option to the Wget invokation command. --- Index: wget-1.14/doc/ChangeLog =================================================================== --- wget-1.14.orig/doc/ChangeLog 2012-08-04 10:43:28.000000000 +0200 +++ wget-1.14/doc/ChangeLog 2014-11-03 13:56:23.819708307 +0100 @@ -1,3 +1,9 @@ +2014-09-08 Darshit Shah <darnir@gmail.com> + + * wget.texi (symbolic links): Update documentation of retr-symlinks to + reflect the new default. Add warning about potential security issues with + --retr-symlinks=yes. + 2012-08-04 mancha <mancha@mac.hush.com> (tiny change) * wget.texi: Export ENVIRONMENT to the man page. Index: wget-1.14/doc/wget.texi =================================================================== --- wget-1.14.orig/doc/wget.texi 2012-08-04 10:41:52.000000000 +0200 +++ wget-1.14/doc/wget.texi 2014-11-03 13:56:23.820708319 +0100 @@ -1779,17 +1779,18 @@ @cindex symbolic links, retrieving @item --retr-symlinks -Usually, when retrieving @sc{ftp} directories recursively and a symbolic -link is encountered, the linked-to file is not downloaded. Instead, a -matching symbolic link is created on the local filesystem. The -pointed-to file will not be downloaded unless this recursive retrieval -would have encountered it separately and downloaded it anyway. +By default, when retrieving @sc{ftp} directories recursively and a symbolic link +is encountered, the symbolic link is traversed and the pointed-to files are +retrieved. Currently, Wget does not traverse symbolic links to directories to +download them recursively, though this feature may be added in the future. -When @samp{--retr-symlinks} is specified, however, symbolic links are -traversed and the pointed-to files are retrieved. At this time, this -option does not cause Wget to traverse symlinks to directories and -recurse through them, but in the future it should be enhanced to do -this. +When @samp{--retr-symlinks=no} is specified, the linked-to file is not +downloaded. Instead, a matching symbolic link is created on the local +filesystem. The pointed-to file will not be retrieved unless this recursive +retrieval would have encountered it separately and downloaded it anyway. This +option poses a security risk where a malicious FTP Server may cause Wget to +write to files outside of the intended directories through a specially crafted +@sc{.listing} file. Note that when retrieving a file (not a directory) because it was specified on the command-line, rather than because it was recursed to, Index: wget-1.14/src/ChangeLog =================================================================== --- wget-1.14.orig/src/ChangeLog 2012-07-08 11:36:29.000000000 +0200 +++ wget-1.14/src/ChangeLog 2014-11-03 13:56:23.823708353 +0100 @@ -1,3 +1,8 @@ +2014-09-08 Darshit Shah <darnir@gmail.com> + + * init.c (defaults): Set retr-symlinks to true by default. This changes a + default setting of wget. Fixes security bug CVE-2014-4877 + 2012-07-03 Steven Schubiger <stsc@member.fsf.org> * init.c: Include warc.h for warc_close in cleanup function. Index: wget-1.14/src/init.c =================================================================== --- wget-1.14.orig/src/init.c 2012-07-08 11:35:36.000000000 +0200 +++ wget-1.14/src/init.c 2014-11-03 13:56:23.823708353 +0100 @@ -357,6 +357,22 @@ opt.dns_cache = true; opt.ftp_pasv = true; + /* 2014-09-07 Darshit Shah <darnir@gmail.com> + * opt.retr_symlinks is set to true by default. Creating symbolic links on the + * local filesystem pose a security threat by malicious FTP Servers that + * server a specially crafted .listing file akin to this: + * + * lrwxrwxrwx 1 root root 33 Dec 25 2012 JoCxl6d8rFU -> / + * drwxrwxr-x 15 1024 106 4096 Aug 28 02:02 JoCxl6d8rFU + * + * A .listing file in this fashion makes Wget susceptiple to a symlink attack + * wherein the attacker is able to create arbitrary files, directories and + * symbolic links on the target system and even set permissions. + * + * Hence, by default Wget attempts to retrieve the pointed-to files and does + * not create the symbolic links locally. + */ + opt.retr_symlinks = true; #ifdef HAVE_SSL opt.check_cert = true;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor