Bugzilla – Bug 995964
VUL-1: CVE-2016-7098: wget: files rejected by access list are kept on the disk for the duration of HTTP connection
Last modified: 2018-10-07 22:40:40 UTC
rh#1328137 A possible vulnerability was found in wget. The vulnerability surfaces when wget is used to download a single file with the recursive option (-r / -m) and an access list (-A): wget only applies the list at the end of the download process. Although the file gets successfully deleted in the end, this creates a race condition, as an attacker who has control over the URL could slow down the download process so that he has a chance to make use of the malicious file before it gets deleted.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1328137
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7098
http://seclists.org/oss-sec/2016/q3/385
http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html
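The ordering problem described in the report, modelled as an added example (this is not wget's code and not the upstream patch): a toy fetcher that writes the response body to disk and only then consults a wget-style -A list, beside one that rejects the URL before any bytes are written. The accept-list matching follows wget's documented -A rule (glob match when the element contains *, ?, [ or ], otherwise suffix match); the "site" is a constructed in-memory dictionary, so nothing is fetched over the network, and the fixed ordering shown is the general remedy rather than a description of the exact upstream change.

```python
"""Toy model of CVE-2016-7098: a wget-style accept list (-A) applied only
after the response body has already been written to disk, versus applying
it before the transfer. Added example, not code from wget or this bug."""
import fnmatch
import os
import tempfile
from urllib.parse import urlsplit

# Constructed sample "server": URL -> body. No real HTTP request is made.
SAMPLE_SITE = {
    "http://example.invalid/dl/evil.php": b"<?php system($_GET['c']); ?>",
    "http://example.invalid/dl/notes.txt": b"harmless text\n",
}


def accepted(url, accept):
    """Simplified wget -A semantics: match the last path component against a
    comma-separated list. Elements containing *, ?, [ or ] are globs; every
    other element is a filename suffix. An empty list accepts everything."""
    if not accept:
        return True
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    for pat in accept.split(","):
        if any(ch in pat for ch in "*?["):
            if fnmatch.fnmatch(name, pat):
                return True
        elif name.endswith(pat):
            return True
    return False


def fetch_vulnerable(url, accept, outdir, on_disk_events):
    """Pre-fix ordering: write the body, then check the list and delete.
    on_disk_events records whether the file existed at any point, i.e. the
    window in which an attacker who stalls the transfer can use the file."""
    path = os.path.join(outdir, os.path.basename(urlsplit(url).path))
    with open(path, "wb") as f:
        f.write(SAMPLE_SITE[url])  # file exists for the whole transfer
    on_disk_events.append(os.path.exists(path))
    if not accepted(url, accept):
        os.remove(path)  # removed only after the download has finished
        return None
    return path


def fetch_fixed(url, accept, outdir, on_disk_events):
    """Fixed ordering: consult the accept list before any bytes reach disk."""
    path = os.path.join(outdir, os.path.basename(urlsplit(url).path))
    if not accepted(url, accept):
        on_disk_events.append(os.path.exists(path))  # never created
        return None
    with open(path, "wb") as f:
        f.write(SAMPLE_SITE[url])
    on_disk_events.append(True)
    return path


def run(fetcher, accept="*.txt"):
    """Fetch every sample URL with the given strategy and report, per file,
    whether it ever touched the disk."""
    touched = {}
    with tempfile.TemporaryDirectory() as outdir:
        for url in SAMPLE_SITE:
            events = []
            fetcher(url, accept, outdir, events)
            touched[os.path.basename(urlsplit(url).path)] = any(events)
    return touched


if __name__ == "__main__":
    print("vulnerable ordering:", run(fetch_vulnerable))
    print("fixed ordering:     ", run(fetch_fixed))
```

With the default list `*.txt`, the vulnerable strategy reports that `evil.php` existed on disk before being removed, while the fixed strategy never creates it; `notes.txt` is kept in both cases. The point a reviewer would check in any downloader is the same: the filter must run on the URL before the body is opened for writing, not as a cleanup step afterwards.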
bugbot adjusting priority
if possible, submit this as update, so we can fold it in the running wget ones
This is an autogenerated message for OBS integration: This bug (995964) was mentioned in https://build.opensuse.org/request/show/424440 13.2 / wget
openSUSE-SU-2016:2284-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 995964 CVE References: CVE-2016-7098 Sources used: openSUSE 13.2 (src): wget-1.16-4.10.1
Resolved by applying upstream patch.
reopen
i see you resubmitted, thanks. reassign to security team for tracking and later closing.
SUSE-SU-2016:2358-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 958342,984060,995964
CVE References: CVE-2016-4971,CVE-2016-7098
Sources used:
SUSE OpenStack Cloud 5 (src): wget-1.11.4-1.32.1
SUSE Manager Proxy 2.1 (src): wget-1.11.4-1.32.1
SUSE Manager 2.1 (src): wget-1.11.4-1.32.1
SUSE Linux Enterprise Server 11-SP4 (src): wget-1.11.4-1.32.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src): wget-1.11.4-1.32.1
SUSE Linux Enterprise Server 11-SECURITY (src): wget-openssl1-1.11.4-1.32.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): wget-1.11.4-1.32.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): wget-1.11.4-1.32.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): wget-1.11.4-1.32.1
SUSE-SU-2016:3268-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (moderate)
Bug References: 1005091,1012677,995964
CVE References: CVE-2016-7098
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): wget-1.14-17.1
SUSE Linux Enterprise Server 12-SP2 (src): wget-1.14-17.1
SUSE Linux Enterprise Server 12-SP1 (src): wget-1.14-17.1
SUSE Linux Enterprise Desktop 12-SP2 (src): wget-1.14-17.1
SUSE Linux Enterprise Desktop 12-SP1 (src): wget-1.14-17.1
openSUSE-SU-2017:0015-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (moderate)
Bug References: 1005091,1012677,995964
CVE References: CVE-2016-7098
Sources used:
openSUSE Leap 42.2 (src): wget-1.14-6.1
openSUSE Leap 42.1 (src): wget-1.14-8.1
released