Wget CVE-2016-4971: Arbitrary File Upload

CVE-2016-4971 [Arbitrary File Upload / Potential Remote Code Execution]

Severity: High below 1.8 version.

All versions of Wget before the patched version of 1.18 are affected.

1. GNU wget before 1.18 when supplied with a malicious URL (to a malicious or compromised web server) can be tricked into saving an arbitrary remote file supplied by an attacker, with arbitrary contents and file name under the current directory and possibly other directories by writing to .wgetrc.
2. Remote code execution and even root privilege escalation if wget is run via a root cronjob as is often the case in many web application deployments.
3. Can exploit intercept/modify the network traffic.

Due to lack of control in the utility (wget) , downloading a link from a remote server which is controled by an attacker create an arbitrary file
with an arbitrary contents and filename by issuing a crafted HTTP 30X Redirect containing FTP server reference in response to the victim’s wget request.

ubuntusyn:~/test/blog$ wget –version | head -n1
GNU Wget 1.15 built on linux-gnu.

Update wget to version 1.18

Patch lists::

Ubuntu ::

Ubuntu 12.04 LTS (Precise Pangolin) = released (1.13.4-2ubuntu1.4)
Ubuntu 14.04 LTS (Trusty Tahr) = released (1.15-1ubuntu1.14.04.2)
Ubuntu Touch 15.04 = needed
Ubuntu Core 15.04 = does not exist
Ubuntu 15.10 (Wily Werewolf) = released (1.16.1-1ubuntu1.1)
Ubuntu 16.04 LTS (Xenial Xerus) = released (1.17.1-1ubuntu1.1)
Ubuntu 16.10 (Yakkety Yak) = released (1.17.1-1ubuntu2)


Red Hat Enterprise Linux 6 = Will not fix
Red Hat Enterprise Linux 7 = Fix deferred
Red Hat Enterprise Linux 5 = Will not fix

The latest wget version is not available in any PPA or repository to install Wget version 1.18.

Below installation steps will guide you the manual installation process of GNU Wget.

root@ubuntusyn:/usr/local/src# apt-get update
root@ubuntusyn:/usr/local/src# apt-get build-dep wget

root@ubuntusyn:/usr/local/src# wget http://ftp.gnu.org/gnu/wget/wget-1.18.tar.gz

root@ubuntusyn:/usr/local/src# tar -xvf wget-1.18.tar.gz
root@ubuntusyn:/usr/local/src# cd wget-1.18
root@ubuntusyn:/usr/local/src/wget-1.18# ./configure –with-ssl=openssl –prefix=/opt/wget
root@ubuntusyn:/usr/local/src/wget-1.18# make
root@ubuntusyn:/usr/local/src/wget-1.18# make install

root@ubuntusyn:/usr/local/src/wget-1.18# /opt/wget/bin/wget -V | head -n1
GNU Wget 1.18 built on linux-gnu.

root@ubuntusyn:/usr/bin# mv wget wget_v1.15
root@ubuntusyn:/usr/bin# ln -s /opt/wget/bin/wget /usr/bin/wget
root@ubuntusyn:/usr/bin# wget -V | head -n1
GNU Wget 1.18 built on linux-gnu.

Urolime Technologies has made groundbreaking accomplishments in the field of Google Cloud & Kubernetes Consulting, DevOps Services, 24/7 Managed Services & Support, Dedicated IT Team, Managed AWS Consulting and Azure Cloud Consulting. We believe our customers are Smart to choose their IT Partner, and we “Do IT Smart”.
Posts created 465

Related Posts

Begin typing your search term above and press enter to search. Press ESC to cancel.

Enjoy this blog? Please spread the word :)

Follow by Email
Visit Us
Follow Me