wget 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1128867699
업데이트 : 2005.10.09
상세내용
CAN-2004-1487:
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain
files via a redirection URL containing a ".." that resolves to the IP address
of the malicious server, which bypasses wget's filtering for ".." sequences.
CAN-2004-1488:
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying
HTTP responses to the terminal, which may allow remote malicious web servers to
inject terminal escape sequences and execute arbitrary code.
CAN-2004-2014:
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink
attack on the name of the file being downloaded.
Autoupdates 지원 : 지원
update 패키지
RPMS :
. wget-1.10.1-2.i686.rpm
SRPMS :
. wget-1.10.1-2.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2014
|