Message-ID: <20100521033231.GA22338@openwall.com>
Date: Fri, 21 May 2010 07:32:31 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability

On Fri, May 21, 2010 at 12:53:12AM +0400, Solar Designer wrote:
> I brought this issue to the bug-wget list:
> 
> [Bug-wget] security risk of unexpected download filenames
> http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html

Micah, the previous wget maintainer who is still active on the bug-wget
list, has commented on the issue:

http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html
http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html

It sounds like he does not mind a fix like Florian's patch getting
included upstream.  We'll see what the current maintainers say.

In another bug-wget posting, I described an attack that does not involve
a Unix user's home directory and a dot-file:

http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html

It works against wget of a file into a website "document root" tree and
it may take advantage of index.html taking precedence over index.php.

Alexander
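The two attacks mentioned in this message (a dot-file dropped into a home directory, and an index.html dropped into a document root) both come down to the same decision: which URL the local file name is taken from, and whether that name is checked before the file is created. The function below is an added example by the editor, not code from this thread, from Florian's patch or from wget itself; it shows a hardened naming policy in which the name comes from the URL the user asked for unless the caller explicitly opts into trusting the server (the `trust_server_names` parameter is the example's own, though it echoes the option later wget versions use for this decision), and dot-files, path separators and a small constructed list of names that would shadow existing content are refused.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# Names a download could silently override when written into a web document
# root or a home directory. The message above mentions dot-files and index.html;
# the rest of this list is a constructed extension of that idea for the example.
SENSITIVE_NAMES = {"index.html", "index.htm", ".htaccess", ".bashrc", ".profile"}


def basename_from_url(url):
    """Last path segment of a URL, percent-decoded, without any directory part."""
    path = unquote(urlsplit(url).path)
    return posixpath.basename(path)


def choose_local_name(requested_url, final_url=None, trust_server_names=False):
    """Pick the file name a download is written to.

    Policy (editor's example, not wget's actual implementation):
      * by default the name is derived from the URL the user typed, so a
        redirect chain cannot pick the name for them;
      * only when trust_server_names is True is the final URL consulted;
      * whichever source is used, empty names, '.'/'..', names containing a
        path separator, dot-files and SENSITIVE_NAMES are refused.
    Raises ValueError when no safe name can be produced.
    """
    source = final_url if (trust_server_names and final_url) else requested_url
    name = basename_from_url(source)
    if name in ("", ".", ".."):
        raise ValueError("no usable file name in %r" % source)
    if "/" in name or "\\" in name or "\x00" in name:
        raise ValueError("path separator in file name %r" % name)
    if name.startswith("."):
        raise ValueError("refusing to create dot-file %r" % name)
    if name.lower() in SENSITIVE_NAMES:
        raise ValueError("refusing to create %r: it would shadow existing content" % name)
    return name


def is_safe_name(requested_url, final_url=None, trust_server_names=False):
    """Boolean wrapper around choose_local_name for quick policy checks."""
    try:
        choose_local_name(requested_url, final_url, trust_server_names)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed URLs: the requested file redirects to a differently named one.
    asked = "http://example.com/dl/tool.tar.gz"
    landed = "http://other.example/.bashrc"
    print(choose_local_name(asked, landed))                 # tool.tar.gz
    print(is_safe_name(asked, landed, trust_server_names=True))  # False
    print(is_safe_name("http://example.com/site/index.html"))    # False
```

The default branch is the important one: with `trust_server_names` off, the server controls the bytes of the file but not where they land, which is exactly the separation the oCERT advisory asks HTTP clients to maintain. The name check is a second layer for callers that do opt in.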
