So there is a wget vulnerability … big deal?
Rapid7, the developer of Metasploit, has a page discussing the exploit.
Specifically:
GNU Wget is a command-line utility designed to download files via HTTP, HTTPS, and FTP. Wget versions prior to 1.16 are vulnerable to a symlink attack (CVE-2014-4877) when running in recursive mode with an FTP target.
Let’s focus on this sentence:
This vulnerability allows an attacker operating a malicious FTP server to create arbitrary files, directories, and symlinks on the user’s filesystem.
So what constitutes a “user’s filesystem” that could be attacked?
Well, it has to have wget versions prior to 1.16, such as this one:
This is wget version 1.13 on a Kali Linux distribution of 1.08 (without too many modifications).
Now it just so happens this is my laptop, so I am not vulnerable, since I do not have FTP or HTTP servers running. So a system “could” be vulnerable only if it has an early version of wget installed and has an FTP server running.
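A triage check for the "versions prior to 1.16" condition, as an added example that is not part of the original post: it parses the `wget --version` banner, compares it numerically against 1.16, and looks in wgetrc for `retr-symlinks=on`, the workaround distributors documented for CVE-2014-4877 (taken from that vendor guidance, not from the post). The function names are hypothetical, and a distribution that backported the fix can still report a pre-1.16 version number.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# "GNU Wget 1.13.4 built on linux-gnu." -> "1.13.4" (first banner line only).
wget_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n '1s/^GNU Wget \([0-9][0-9.]*\).*/\1/p' | sed 's/\.*$//'
}

# 0 = older than 1.16, 1 = 1.16 or later, 2 = not parsable.
# Fields are compared as integers, so 1.9 correctly sorts below 1.16.
is_pre_1_16() {
    major=${1%%.*}
    rest=${1#*.}
    [ "$rest" = "$1" ] && rest=0      # no dot: treat the minor field as 0
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 16 ]; }
}

# 0 if the last retr-symlinks line in wgetrc FILE is on/yes/1.
# wgetrc command names ignore case, "-" and "_"; "#" lines are comments.
wgetrc_retr_symlinks_on() {
    [ -r "$1" ] || return 1
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t_-' | tr 'A-Z' 'a-z' |
        grep '^retrsymlinks=' | tail -n 1 | grep -Eq '=(on|yes|1)$'
}

# Report on the wget found in PATH and the usual wgetrc locations.
triage_local_wget() {
    command -v wget >/dev/null 2>&1 || { echo "wget: not installed"; return 0; }
    ver=$(wget_version_from_banner "$(wget --version 2>/dev/null)")
    rc=0; is_pre_1_16 "$ver" || rc=$?
    case $rc in
        0) echo "wget $ver: older than 1.16, check for a distributor backport"
           for f in /etc/wgetrc "$HOME/.wgetrc"; do
               if wgetrc_retr_symlinks_on "$f"; then echo "  $f: retr-symlinks on"; fi
           done ;;
        1) echo "wget $ver: 1.16 or later" ;;
        *) echo "wget: version banner not recognised" ;;
    esac
}

triage_local_wget
```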
Contact me to have me check your systems with an Alpha scan.
Update:
RedHat has a bugfix: https://access.redhat.com/support/policy/updates/errata/