漏洞信息详情
WGet NLST客户端文件覆盖漏洞
- CNNVD编号:CNNVD-200212-028
- 危害等级: 低危
- CVE编号: CVE-2002-1344
- 漏洞类型: 输入验证
- 发布时间: 2002-12-18
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: gnu
- 漏洞来源: Steve Christey※ co...
漏洞简介
wget是一套免费且开源的支持从网络上自动下载文件的下载工具。 wget没有正确处理NLST FTP的服务器应答,远程攻击者可以利用这个漏洞构建恶意FTP服务器,诱使用户访问,把恶意文件覆盖到FTP客户端当前目录之外的位置上。 当wget处理来自FTP服务器的NLST应答时,RFC规定需要FTP客户端在包含目录信息时需要详细检查输入,而wget没有对此信息进行充分检查,因此,如果恶意FTP服务程序提供的文件包含目录信息如下字符: \"../\",\"/path\",\"..\\"(windows系统下),\"C:\"(windows系统下),\"...\" (windows系统下等于../..) 当wget使用一些通配符进行下载时,没有检查这些文件路径信息,可造成客户端的目录遍历,盲目下载到客户端指定目录以外位置上。如果熟知客户端系统中文件名和相应目录,可以直接覆盖这些文件,造成拒绝服务等攻击。
漏洞公告
厂商补丁: Conectiva --------- Conectiva已经为此发布了一个安全公告(CLA-2002:552)以及相应补丁:
CLA-2002:552:wget
链接: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552
补丁下载:
Conectiva RPM wget-1.8.2-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/wget-1.8.2-1U60_1cl.i386.rpm
Conectiva RPM wget-1.8.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/wget-1.8.2-1U70_1cl.i386.rpm
Conectiva RPM wget-1.8.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/wget-1.8.2-1U80_1cl.i386.rpm Debian ------ Debian已经为此发布了一个安全公告(DSA-209-1)以及相应补丁:
DSA-209-1:two wget problems
链接: http://www.debian.org/security/2002/dsa-209
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1.diff.gz
Size/MD5 checksum: 75231 61d99d8ab75b95cd9fa2459e74182a50
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3.orig.tar.gz
Size/MD5 checksum: 446966 47680b25bf893afdb0c43b24e3fc2fd6
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1.dsc
Size/MD5 checksum: 1163 9eb3c57aa94d74e3c6e4097b5d941563
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_alpha.deb
Size/MD5 checksum: 249228 0eedd7487056460a8de93ea2ed3402f2
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_arm.deb
Size/MD5 checksum: 233342 9a57b21e6611b46b3991bb38e75dbd08
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_i386.deb
Size/MD5 checksum: 227812 fc7c576836d26cebc397c07f3bbd1488
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_m68k.deb
Size/MD5 checksum: 224820 b967f1e1b960be2fce3fb2cae55b6710
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_powerpc.deb
Size/MD5 checksum: 234646 48b138d481cebbe85b437d82b63285b7
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_sparc.deb
Size/MD5 checksum: 235500 631874205d8d85378555387209a9db37
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc. An update for mipsel is not available at this
moment.
Source archives:
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1.orig.tar.gz
Size/MD5 checksum: 1097780 6ca8e939476e840f0ce69a3b31c13060
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1.diff.gz
Size/MD5 checksum: 9939 69f96b6608e043e0d781061a22e90169
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1.dsc
Size/MD5 checksum: 1217 97af60040e8d7a2cd538d18a5120cd87
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_alpha.deb
Size/MD5 checksum: 364338 aeade9ab45904c8b6c64fcdb5934576e
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_arm.deb
Size/MD5 checksum: 335972 dfe4085e95fd53be9821d1b33d79d134
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_hppa.deb
Size/MD5 c
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade MandrakeSoft ------------ MandrakeSoft已经为此发布了一个安全公告(MDKSA-2002:086)以及相应补丁:
MDKSA-2002:086:Updated wget packages fix directory traversal vulnerability
链接: http://www.linux-mandrake.com/en/security/2002/2002-086.php
补丁下载:
Updated Packages:
Linux-Mandrake 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/wget-1.8.2-3.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/wget-1.8.2-3.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.0/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/wget-1.8.2-3.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/wget-1.8.2-3.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.1/IA64:
参考网址
来源:US-CERT Vulnerability Note: VU#210148 名称: VU#210148 链接:http://www.kb.cert.org/vuls/id/210148 来源: BID 名称: 6352 链接:http://www.securityfocus.com/bid/6352 来源: REDHAT 名称: RHSA-2002:229 链接:http://www.redhat.com/support/errata/RHSA-2002-229.HTML 来源: MANDRAKE 名称: MDKSA-2002:086 链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php 来源: BUGTRAQ 名称: 20021219 TSLSA-2002-0089 - wget 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104033016703851&w=2 来源: BID 名称: 6360 链接:http://www.securityfocus.com/bid/6360 来源: CALDERA 名称: CSSA-2003.003.0 链接:http://www.securityfocus.com/archive/1/archive/1/307045/30/26300/threaded 来源: REDHAT 名称: RHSA-2002:256 链接:http://www.redhat.com/support/errata/RHSA-2002-256.HTML 来源: OPENPKG 名称: OpenPKG-SA-2003.007 链接:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.007.HTML 来源: XF 名称: wget-ftp-filename-traversal(10820) 链接:http://www.iss.net/security_center/static/10820.php 来源: CIAC 名称: N-022 链接:http://www.ciac.org/ciac/bulletins/n-022.sHTML 来源: DEBIAN 名称: DSA-209 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103973388702700&w=2 来源: BUGTRAQ 名称: 20021211 Directory Traversal Vulnerabilities in FTP Clients 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2 来源: CONECTIVA 名称: CLSA-2002:552 链接:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552 来源: CONECTIVA 名称: CLA-2002:552 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552 来源: VULNWATCH 名称: 20021210 Directory Traversal Vulnerabilities in FTP Clients 链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.HTML 来源: SCO 名称: CSSA-2003-003.0 链接:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt
受影响实体
- Gnu Wget:1.5.3
- Gnu Wget:1.6
- Gnu Wget:1.7
- Gnu Wget:1.7.1
- Gnu Wget:1.8
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论