Network tool wget was found to have security vulnerabilities (cve-2014-4877)

Source: Internet
Author: User
Tags ftp site cve
#漏洞预警 # Popular Network tool wget was found to have a security vulnerability (cve-2014-4877).

When wget is used to recursively download an FTP site, an attacker can trigger the vulnerability by constructing a malicious symbolic link file that creates arbitrary files, directories, or symbolic links and sets access permissions on the wget user's system. Please pay attention to the use of their own version of the update, timely installation of patches/upgrades.


The Mitre CVE Dictionary explains this question as follows: * * RESERVED * * This candidate has been the RESERVED by a organization or individual that would use it W Hen announcing a new security problem. When the candidate has been publicized, the details for this candidate would be provided.

Solution:


Upgrade to wget 1.16.
http://ftp.gnu.org/gnu/wget/

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.