FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362499
Date:      2014-07-21
Time:      21:36:54Z
Committer: rakuco

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 06f142ff-4df3-11d9-a9e7-0001020eed82
Description: wget -- multiple vulnerabilities

Jan Minar reports that there exist multiple vulnerabilities in wget:

Wget erroneously thinks that the current directory is a fair game, and will happily write in any file in and below it. Malicious HTTP response or malicious HTML file can redirect wget to a file that is vital to the system, and wget will create/append/overwrite it.

Wget apparently has at least two methods of "sanitizing" the potentially malicious data it receives from the HTTP stream, therefore a malicious redirect can pass the check. We haven't found a way to trick wget into writing above the parent directory, which doesn't mean it's not possible.

Malicious HTTP response can overwrite parts of the terminal so that the user will not notice anything wrong, or will believe the error was not fatal.


Discovery: 2004-12-09
Entry:     2004-12-14
Modified:  2005-04-15

Affected packages:
wget, wget-devel: lt 1.10.a1
wgetpro, wget+ipv6: ge 0

References:
CVE-2004-1487
CVE-2004-1488
11871
http://marc.theaimsgroup.com/?l=bugtraq&m=110269474112384
http://bugs.debian.org/261755