支持服务

无论何时何地，亿速云各领域专家就在您的身边，帮助您提升业务价值与服务。

售前咨询：400-100-2938

让您全面了解并上手亿速云产品

常见入门级使用教程

对外 API 开发文档中心

您历史提交的工单

您的每一条意见，我们都严谨处理

您的每一条建议，我们都认真对待

中国站

中国站
简体中文
International
English 简体中文

GNU Wget输入验证漏洞

CNNVD-ID编号	CNNVD-201007-041	CVE编号	CVE-2010-2252
发布时间	2010-07-08	更新时间	2010-07-08
漏洞类型	输入验证	漏洞来源	N/A
危险等级	中危	威胁类型	远程
厂商	gnu

漏洞介绍

GNU Wget是GNU计划开发的一套用于在网络上进行下载的自由软件，它支持通过HTTP、HTTPS以及FTP这三个最常见的TCP/IP协议下载。

GNU Wget 1.12以及之前的版本使用服务器提供的文件名而不是原始的URL来确定下载的目标文件名。远程服务器可以利用3xx重定向到含有.wgetrc文件名的URL，紧接着利用3xx重定向到含有伪造的文件名的URL来创建或者覆盖任意的文件，并且可能由于将此写入主目录dotfile中而执行任意代码。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接

Debian Linux 5.0 ia-64

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian Linux 5.0 alpha

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian Linux 5.0 ia-32

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian Linux 5.0 s/390

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian Linux 5.0 mipsel

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian Linux 5.0 hppa

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian Linux 5.0 m68k

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian Linux 5.0 arm

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian Linux 5.0 armel

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian Linux 5.0

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian Linux 5.0 amd64

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian Linux 5.0 mips

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian Linux 5.0 powerpc

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

Debian Linux 5.0 sparc

Debian mahara-apache2_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1 .0.4-4+lenny6_all.deb

Debian mahara_1.0.4-4+lenny6_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+l enny6_all.deb

参考网址

来源: bugzilla.redhat.com

链接：https://bugzilla.redhat.com/show_bug.cgi?id=602797
来源: bugzilla.redhat.com

链接：https://bugzilla.redhat.com/show_bug.cgi?id=591580
来源: MISC

链接：http://www.ocert.org/advisories/ocert-2010-001.html
来源: MLIST

名称: [oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability

链接：http://marc.info/?l=oss-security&m=127611288927500&w=2
来源: MLIST

名称: [oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability

链接：http://marc.info/?l=oss-security&m=127441275821210&w=2
来源: MLIST

名称: [oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability

链接：http://marc.info/?l=oss-security&m=127432968701342&w=2
来源: MLIST

名称: [oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability

链接：http://marc.info/?l=oss-security&m=127427572721591&w=2
来源: MLIST

名称: [oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability

链接：http://marc.info/?l=oss-security&m=127422615924593&w=2
来源: MLIST

名称: [oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability

链接：http://marc.info/?l=oss-security&m=127416905831994&w=2
来源: MLIST

名称: [oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability

链接：http://marc.info/?l=oss-security&m=127412569216380&w=2
来源: MLIST

名称: [oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability

链接：http://marc.info/?l=oss-security&m=127411372529485&w=2
来源: MLIST

名称: [bug-wget] 20100521 Re: security risk of unexpected download filenames

链接：http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html
来源: MLIST

名称: [bug-wget] 20100520 Re: security risk of unexpected download filenames

链接：http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html
来源: MLIST

名称: [bug-wget] 20100521 Re: security risk of unexpected download filenames

链接：http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html
来源: MLIST

名称: [bug-wget] 20100520 Re: security risk of unexpected download filenames

链接：http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201007-041

产品服务

地区划分

专题活动

帮助支持

关于我们

售后咨询

7*24小时在线电话：400-100-2938

7*24小时在线 QQ：800811969

关注亿速云

亿速云公众号

手机网站二维码

咨询电话

400-100-2938

售前咨询

小张

点击立即咨询

小杨

点击立即咨询

小黄

点击立即咨询

小李

点击立即咨询

小易

点击立即咨询

小温

点击立即咨询

小虞

点击立即咨询

小罗

点击立即咨询

小来

点击立即咨询

15902059193

3007326032

点击立即咨询

添加客服小罗微信

添加客服小罗QQ

售后服务

400-100-2938

800811969

点击立即咨询

售后微信服务号

售后企业QQ

提供7*24小时全天候不间断的售后服务

24小时售后技术支持