Intrusion Prevention

GNU.Wget.FTP.Symlink.Arbitrary.Filesystem.Access

Description

This indicates an attack attempt against a Directory Traversal vulnerability in Wget.
The vulnerability is caused by an error when the vulnerable software accesses symlink in recursive mode on remote FTP servers. It allows a remote attacker to overwrite arbitrary file or execute arbitrary code on vulnerable systems.

Affected Products

GNU Wget before 1.16

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version,available from the web site.
http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html

CVE References

CVE-2014-4877