A widely used program for Web spidering can be hijacked for malicious purposes
A number of Linux distributors have issued patches for fixing a widely used program that fetches Web pages, called Wget, so it can not be misused by attackers.
Included in most Linux distributions, the GNU Wget is a program that can retrieve Web pages and other Internet files. A widely used command line tool, it is often embedded in scripts and programs for automatically downloading large numbers of Web pages, which can be useful for indexing the Web. It also works with FTP (File Transfer Protocol).
Versions 1.12 and older possess a vulnerability that attackers could use to inject malicious code into the host machine running the software. As the software downloads a file, the server provides it with a file name that can be substituted with a pointer to a file with executable code, which, in turn, can overwrite an existing file or be inserted into the start-up routine.
Copyright 2009 IDG Magazines Norge AS. All rights reserved
Postboks 9090 Grønland - 0133 OSLO / firstname.lastname@example.org / Telefon 22053000
Ansvarlig redaktør Morten Kristiansen / Utviklingsansvarlig Ulf H. Helland / Salgsdirektør Jon Thore Thorstensen