wget Update for Mandrake Linux
Posted on: 12/12/2002 12:22 PM

MandrakeSoft has released a wget package security update for Mandrake Linux

A vulnerability in all versions of wget prior to and including 1.8.2 was discovered by Steven M. Christey. The bug permits a malicious FTP server to create or overwriet files anywhere on the local file system by sending filenames beginning with "/" or containing "/../". This can be used to make vulnerable FTP clients write files that can later be used for attack against the client machine.


Read more


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/wget_update_for_mandrake_linux.html)