FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wget -- Access List Bypass / Race Condition

Affected packages
wget <= 1.17

Details

VuXML ID 479c5b91-b6cc-11e6-a04e-3417eb99b9a0
Discovery 2016-11-24
Entry 2016-11-30

Dawid Golunski reports:

GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter.

[source]

References

CVE Name CVE-2016-7098
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.