Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

CVE-2014-4877: Wget FTP Symlink Attack Vulnerability

Crypto

By Crypto
in Security Hive

 Share

Recommended Posts

Crypto Newbie

Crypto

Posted
Posted

 

 

linux-wget-symlink-hacking-exploit.png
The open-source Wget application which is most widely used on Linux and Unix systems for retrieving files from the web has found vulnerable to a critical flaw.
 
GNU Wget is a command-line utility designed to retrieve files from the Web using HTTP, HTTPS, and FTP, the most widely used Internet protocols. Wget can be easily installed on any Unix-like system and has been ported to many environments, including Microsoft Windows, Mac OS X, OpenVMS, MorphOS and AmigaOS.
 
When a recursive directory fetch over FTP server as the target, it would let an attacker "create arbitrary files, directories or symbolic links" due to a symlink flaw.
 
 

IMPACT OF SYMLINK ATTACK

"

It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP

," developer Vasyl Kaigorodov wrote in a Red Hat Bugzilla 

comment

.

A remote unauthenticated malicious FTP server connected to the victim via wget would allow attackers to do anything they wanted. Wget could download and create or overwrite existing files within the context of the user running wget.
 
The vulnerability was first reported to the GNU Wget project by HD Moore, chief research officer at Rapid7. and is publicly identified as CVE-2014-4877. The flaw is considered critical since wget is present on nearly every Linux server in the world, and is installable (although not by default) on OS X machines as well, so needs a patch as soon as possible.
 
PATCH AVAILABLE

"

This flaw can lead to remote code execution through system-level vectors such as cron and user-level vectors such as bash profile files and SSH authorized_keys

," Moore wrote.

The vulnerability has now been fixed by the Wget project in wget 1.16, which blocks the default setting that allowed the setting of local symlinks.

"

Upgrade to wget version 1.16 or a package that has backported the CVE-2014-4877 patch

," Moore said.

WORKAROUND AVAILABLE EXPLOIT

"

This issue can be mitigated by ensuring that all invocations of wget in the mirror mode also specify --retr-symlinks command line option

," wrote Tomas Hoger on the Bugzilla report. "

Doing so is equivalent to applying the upstream commit linked in comment 14, which changes the default for the retr-symlinks options from off/no to on/yes, preventing creation of symbolic links locally.

"

"

In addition to changing arguments in all scripts or programs that invoke wget, it is possible to enabled[sic] retr-symlinks option via wget configuration file - either global /etc/wgetrc, or user specific ~/.wgetrc - by adding the line: retr-symlinks=on

"

An exploit for the vulnerability is now available on the open-source Metasploit penetration testing Website, so that security researchers could test the bug. You can download the exploit from here. 
                Add Rep and Leave a feedback
                      Reputation is the green button in the down right corner on my post

 

do you understand            if you having fun?                  it's a rising sun                           it's a man killing                              what's that feelin'

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Check out what our members are saying

    letus101
    I recently purchased an invite to LF from Inviter, and it was an outstanding experience! The process was smooth, quick, and hassle-free. Inviter provided excellent customer servi…
    elence
    I was looking for an invite to Brokenstones and was able to get one very quickly and easily. Most importantly admin gave me a few options and explained how the invite tree works …
    GreenGrass
    Quick transaction, honest, friendly and very helpful. Highly recommended!
    rycaholix1985
    Did not take long to get my desired account.  Good job to @Inviter , for allowing a quick and painless way of getting my account.  Thanks again.
    LTwithamap
    Seller is great! Fast to respond and reliable. Had to wait but it's reasonable since seller is at work. 10/10 would buy something else again in the future.
    nathan8174
    Ordered 2 torrent invites and the support shown and the speed at which it was done was fantastic. Really happy I found this place. When I need more torrents I know where to come.…
    messiah4you
    Very happy and satisfied with this site. Bough a legit invite to a very hard to get tracker. The process all in all took about 24 hours but that because the process is very secu…
    kenpark
    Prefect and always a great communicator from start to finish will use again A+ for service and support 
    arispale
    great service ! superb speed !! top !!!
    zte3jl
    I highly recommend doing business with this user. He was very quick to answer and deliver when other users couldn't. 10/10 would do business again.
    YeeNaw
    A remarkable man, a pleasing seller, super patient, explained everything to me, discounted me, each and everything. I enjoyed the purchase with him, I received everything immedia…
    PastNoon
    Hi everyone, I am presenting a thought after purchasing an Invite from this site.  Inviter was super instantaneous to get back to me after I had questioned if he had any avai…
    bolombo7
    Everything was fine. He made a huge effort to find invite for me. Great communication. So if You need an Invite just contact @Inviter
    GlennGal
    Inviter supported me a lot and was super fast for the torrent access that I wanted. I will for sure request help from him when I need something else. Glad I reached him and regis…
    GigaFrance
    Very good service Fill up all my request Fast and secure Good contact. Trustable seller, 100% money back guaranteed. Traded usenet indexer.
    eggsorer
    Sent the invite fairly quickly, and sent very short, straight to the point, concise messages.
    anthonysteven
    Il migliore venditore, 100%
    the_20a
    smooth process
    genesisishere
    Absolutely patient and wonderful delivery. I really have nothing negative to say. Highly recommended!
    Amon123
    10/10 services. Very fast will trade again
    biitel
    Real tracker invite that's non-trivial to get with a quick turnaround for the simple act of site participation. Pretty awesome.
    OvaTheMoon
    Inviter is awesome. Very fast and friendly. Excellent in answering questions and quick transactions. Will do business with again.
    lizwan
    Don't know how he does it, but @Inviter delivers! Had a smooth transaction, no hiccups!
    Dimitris
    Everything went smooth. Keep up the good work
    Ronald Edward
    i was searching for invitation for tracker i found may sites sell these tracker some of them i did not trust them to send money some of them are expensive  i was confused un…
    Ricardooreld
    Enormously knowledgeable individual regarding the ins and outs of everything about private torrents and trackers. Not to mention he responds incredibly fast to messages, and his …
    Escanor1234
    great service
    GreenGrass
    Smooth transaction, no complaints at all. Highly recommended!

  • Our picks

    View All
×
×
  • Create New...