CVE-2010-2252
Publication date 6 July 2010
Last updated 24 July 2024
Ubuntu priority
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Status
Package | Ubuntu Release | Status |
---|---|---|
wget | 10.04 LTS lucid |
Fixed 1.12-1.1ubuntu2.1
|
9.10 karmic |
Fixed 1.11.4-2ubuntu2.1
|
|
9.04 jaunty |
Fixed 1.11.4-2ubuntu1.2
|
|
8.04 LTS hardy |
Fixed 1.10.2-3ubuntu1.2
|
|
6.06 LTS dapper |
Fixed 1.10.2-1ubuntu1.2
|
Patch details
Package | Patch details |
---|---|
wget |
References
Related Ubuntu Security Notices (USN)
- USN-982-1
- Wget vulnerability
- 2 September 2010