首页 -> 安全研究
安全研究
安全漏洞
WGet NLST客户端文件覆盖漏洞
发布日期:2002-12-13
更新日期:2002-12-23
受影响系统:
GNU wget 1.8描述:
GNU wget 1.7
GNU wget 1.6
GNU wget 1.5.3
GNU wget 1.8.1
- Debian Linux 3.0 arm
- Debian Linux 3.0 powerpc
- Debian Linux 3.0 i386
- Debian Linux 3.0 alpha
- Debian Linux 3.0 IA-32
- Debian Linux 3.0 68k
GNU wget 1.8.2
- Conectiva Linux 8.0
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Mandrake Linux 9.0
- Mandrake Linux 8.2
- RedHat Linux 8.0
- RedHat Linux 7.3
BUGTRAQ ID: 6352
CVE(CAN) ID: CVE-2002-1344
wget是一款免费开放源代码下载工具,可以运行在Unix和Linux操作系统下。
wget没有正确处理NLST FTP的服务器应答,远程攻击者可以利用这个漏洞构建恶意FTP服务器,诱使用户访问,把恶意文件覆盖到FTP客户端当前目录之外的位置上。
当wget处理来自FTP服务器的NLST应答时,RFC规定需要FTP客户端在包含目录信息时需要详细检查输入,而wget没有对此信息进行充分检查,因此,如果恶意FTP服务程序提供的文件包含目录信息如下字符:
"../","/path","..\"(windows系统下),"C:"(windows系统下),"..." (windows系统下等于../..)
当wget使用一些通配符进行下载时,没有检查这些文件路径信息,可造成客户端的目录遍历,盲目下载到客户端指定目录以外位置上。如果熟知客户端系统中文件名和相应目录,可以直接覆盖这些文件,造成拒绝服务等攻击。
<*来源:Steve Christey (coley@linus.mitre.org)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103980721830407&w=2
http://www.debian.org/security/2002/dsa-209
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552
http://www.linux-mandrake.com/en/security/2002/2002-086.php
https://www.redhat.com/support/errata/RHSA-2002-229.html
*>
建议:
厂商补丁:
Conectiva
---------
Conectiva已经为此发布了一个安全公告(CLA-2002:552)以及相应补丁:
CLA-2002:552:wget
链接:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552
补丁下载:
Conectiva RPM wget-1.8.2-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/wget-1.8.2-1U60_1cl.i386.rpm
Conectiva RPM wget-1.8.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/wget-1.8.2-1U70_1cl.i386.rpm
Conectiva RPM wget-1.8.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/wget-1.8.2-1U80_1cl.i386.rpm
Debian
------
Debian已经为此发布了一个安全公告(DSA-209-1)以及相应补丁:
DSA-209-1:two wget problems
链接:http://www.debian.org/security/2002/dsa-209
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1.diff.gz
Size/MD5 checksum: 75231 61d99d8ab75b95cd9fa2459e74182a50
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3.orig.tar.gz
Size/MD5 checksum: 446966 47680b25bf893afdb0c43b24e3fc2fd6
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1.dsc
Size/MD5 checksum: 1163 9eb3c57aa94d74e3c6e4097b5d941563
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_alpha.deb
Size/MD5 checksum: 249228 0eedd7487056460a8de93ea2ed3402f2
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_arm.deb
Size/MD5 checksum: 233342 9a57b21e6611b46b3991bb38e75dbd08
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_i386.deb
Size/MD5 checksum: 227812 fc7c576836d26cebc397c07f3bbd1488
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_m68k.deb
Size/MD5 checksum: 224820 b967f1e1b960be2fce3fb2cae55b6710
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_powerpc.deb
Size/MD5 checksum: 234646 48b138d481cebbe85b437d82b63285b7
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_sparc.deb
Size/MD5 checksum: 235500 631874205d8d85378555387209a9db37
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc. An update for mipsel is not available at this
moment.
Source archives:
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1.orig.tar.gz
Size/MD5 checksum: 1097780 6ca8e939476e840f0ce69a3b31c13060
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1.diff.gz
Size/MD5 checksum: 9939 69f96b6608e043e0d781061a22e90169
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1.dsc
Size/MD5 checksum: 1217 97af60040e8d7a2cd538d18a5120cd87
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_alpha.deb
Size/MD5 checksum: 364338 aeade9ab45904c8b6c64fcdb5934576e
arm architecture (ARM)
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_arm.deb
Size/MD5 checksum: 335972 dfe4085e95fd53be9821d1b33d79d134
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_hppa.deb
Size/MD5 c
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2002:086)以及相应补丁:
MDKSA-2002:086:Updated wget packages fix directory traversal vulnerability
链接:http://www.linux-mandrake.com/en/security/2002/2002-086.php
补丁下载:
Updated Packages:
Linux-Mandrake 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/wget-1.8.2-3.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/wget-1.8.2-3.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.0/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/wget-1.8.2-3.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/wget-1.8.2-3.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.1/IA64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/wget-1.8.2-3.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/wget-1.8.2-3.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 8.2/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/wget-1.8.2-3.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/wget-1.8.2-3.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/wget-1.8.2-3.1mdk.src.rpm
Single Network Firewall 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/wget-1.8.2-3.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/SRPMS/wget-1.8.2-3.1mdk.src.rpm
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2002:229-10)以及相应补丁:
RHSA-2002:229-10:Updated wget packages fix directory traversal bug
链接:https://www.redhat.com/support/errata/RHSA-2002-229.html
补丁下载:
Red Hat RPM wget-1.8.2-4.6x.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/wget-1.8.2-4.6x.i386.rpm
Red Hat RPM wget-1.8.2-4.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/wget-1.8.2-4.70.i386.rpm
Red Hat RPM wget-1.8.2-4.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/wget-1.8.2-4.71.i386.rpm
Red Hat RPM wget-1.8.2-4.71.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/wget-1.8.2-4.71.ia64.rpm
Red Hat RPM wget-1.8.2-4.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/wget-1.8.2-4.72.i386.rpm
Red Hat RPM wget-1.8.2-4.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/wget-1.8.2-4.72.ia64.rpm
Red Hat RPM wget-1.8.2-4.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/wget-1.8.2-4.73.i386.rpm
Red Hat RPM wget-1.8.2-5.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/wget-1.8.2-5.i386.rpm
浏览次数:3254
严重程度:0(网友投票)
绿盟科技给您安全的保障