网络工具wget被发现存在安全漏洞(CVE-2014-4877)。
当wget在用于递归下载FTP站点时,攻击者可通过构造恶意的符号链接文件触发该漏洞,从而在wget用户的系统中创建任意文件、目录或符号链接并设置访问权限。请广大用户留意各自所使用版本的更新情况,及时安装补丁/升级。
MITRE CVE 词典对这个问题解释如下:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
参照:
https://access.redhat.com/security/cve/CVE-2014-4877 http://www.rapid7.com/db/modules/auxiliary/server/wget_symlink_file_write https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access https://bugzilla.redhat.com/show_bug.cgi?id=1139181
