New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add module for CVE-2014-4877 (Wget) #4088
Conversation
Already tested successfully:
|
Note, the rapid7 blog post will autopublish at 9am central time on Oct 28 (that's the disclosure date we provided to the maintainer and CERT/CC). |
I'll land this in the morning as well, which will close #4077. |
Updated the PR's description with the module's description. :) |
Working nicely for me with
|
I'm curious if this affects a normal OSX build. I assume it ships with wget. @jvazquez-r7 can you do a quick wget --version? If the version is different from 1.14, then it'd be nice to update the module description. I know that Ubuntu is vulnerable today and I don't see anything on the Ubuntu Security Notices page: http://www.ubuntu.com/usn/ . I'm opening a bug now, here: https://launchpad.net/ubuntu/+source/wget/+bugs |
Bug against Ubuntu filed: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1386711 |
Apparently, OSX dosn't usually ship with wget after all. Yay. |
I checked an older version of OS X, so I'm probably wrong. Maybe OS X uses the GNU userland now. Who knows! Strange that there's no |
This module exploits a vulnerability in Wget when used in recursive (-r) mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGET_DATA option.
Tested successfully with wget 1.14. Versions prior to 1.16 are presumed vulnerable.