| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100611085325.GA7420@openwall.com> Date: Fri, 11 Jun 2010 12:53:25 +0400 From: Solar Designer <solar@...nwall.com> To: bugtraq@...urityfocus.com Subject: Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability Hi, Here's a summary of relevant postings to oss-security and bug-wget. Unofficial patch for wget, by Florian Weimer: http://www.openwall.com/lists/oss-security/2010/05/17/2 PoC attack on a wget cron job resulting in a .bash_profile overwrite: http://www.openwall.com/lists/oss-security/2010/05/18/13 Brief description of an attack on a wget cron job not involving a dot-file nor a home directory (but involving a website tree instead): http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html Advice on back-porting lftp's fix to versions 3.4.7 through 4.0.5: http://www.openwall.com/lists/oss-security/2010/05/20/2 http://www.openwall.com/lists/oss-security/2010/06/10/1 On Wed, Jun 09, 2010 at 06:16:39PM +0200, Marcus Meissner wrote: > Did anyone assign CVE ids for these? Marcus' reminder has resulted in the following CVE assignments: CVE-2010-2251 - lftp CVE-2010-2252 - wget CVE-2010-2253 - libwww-perl as used in lwp-download Alexander
Powered by blists - more mailing lists