[wget-notify] [bug #20419] wget: [CVE-2006-6719] segfaults on too many FTP 220 responses at once

NoèlKöthe INVALID.NOREPLY at gnu.org
Mon Jul 9 14:31:08 PDT 2007 

URL:
  <http://savannah.gnu.org/bugs/?20419>

                 Summary: wget: [CVE-2006-6719] segfaults on too many FTP 220
responses at once
                 Project: GNU Wget
            Submitted by: nok
            Submitted on: Montag 09.07.2007 um 23:31
                Category: User Interface
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 1.10.2
        Operating System: GNU/Linux
         Reproducibility: Every Time
           Fixed Release: None
         Planned Release: None
              Regression: None
           Work Required: None
          Patch Included: None

    _______________________________________________________

Details:

Hello,

a forwarded report from http://bugs.debian.org/407571 :

"I was able to reproduce the CVE-2006-6719 (DoS from malicious FTP
server against wget <= 1.10.2 by letting it segfault, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6719) with wget
versions in Sarge, Etch and Sid (Etch and Sid are the same at the
moment of writing).

How to reproduce:

Download the proof of concept perl script from
http://www.milw0rm.com/exploits/2947 then log in as root and start the
script as root (it's easy to understand and harmless, well, except to
wget... ;-). You'll also find a backtrace in the comments at the
beginning of the script.

The login as a user, and start:

  wget --passive-ftp ftp://localhost/bla/fasel

It will segfault.

It's not yet known if this segfault can be exploited to execute some
code with the rights of the wget user (possibly root), so I set the
severity to normal only...

Updates issued by other distributors:

Fedora: http://lwn.net/Articles/217243/
	http://lwn.net/Articles/217242/
Mandriva: http://www.mandriva.com/security/advisories?name=MDKSA-2007:017

Further links:

Bugtraq Database: http://www.securityfocus.com/bid/21650
"

thx.

noel at d.o




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?20419>

_______________________________________________
  Nachricht geschickt von/durch Savannah
  http://savannah.gnu.org/

More information about the wget-notify mailing list