Linux distributions update for Web flaw

Joab Jackson
03.09.2010 at 17:21 | IDG News Service\New York Bureau

A widely used program for Web spidering can be hijacked for malicious purposes

 

A number of Linux distributors have issued patches to fix Wget, a widely used program that fetches Web pages, so that it cannot be misused by attackers.

Canonical and Mandriva have both released advisories about this vulnerability and have updated their software to a fixed version. Red Hat has not issued an update for this flaw, according to the company website.

Included in most Linux distributions, GNU Wget is a program that can retrieve Web pages and other Internet files. A widely used command-line tool, it is often embedded in scripts and programs for automatically downloading large numbers of Web pages, which can be useful for indexing the Web. It also works with FTP (File Transfer Protocol).

Versions 1.12 and older contain a vulnerability that attackers could use to inject malicious code into the host machine running the software. As the software downloads a file, the server provides it with a file name, which can be substituted with a pointer to a file with executable code; that file, in turn, can overwrite an existing file or be inserted into the start-up routine.
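For script authors who wrap a downloader, the defensive counterpart looks like this. It is an added example, not code from the article or from Wget; the function names and the example.test URL are hypothetical. It takes the local file name from the requested URL, sanitises any server-supplied name, and refuses to overwrite an existing file.

```python
import os
import posixpath
from urllib.parse import unquote, urlsplit


def _clean(candidate):
    """Reduce an untrusted name to a single safe path component, or None."""
    if not candidate:
        return None
    # Drop any directory part, including "../" and Windows-style separators.
    name = posixpath.basename(unquote(candidate).replace("\\", "/"))
    # Refuse empty names, "." and "..", hidden dotfiles (shell and tool
    # start-up files are usually dotfiles) and control characters.
    if not name or name.startswith(".") or any(ord(c) < 32 for c in name):
        return None
    return name


def safe_local_name(requested_url, server_name=None,
                    trust_server_name=False, default="index.html"):
    """Pick the local file name for a download.

    By default the name comes from the URL the user asked for; a name
    supplied by the server is considered only when the caller opts in,
    and is sanitised the same way.
    """
    if trust_server_name:
        name = _clean(server_name)
        if name:
            return name
    return _clean(urlsplit(requested_url).path) or default


def save_download(directory, name, data):
    """Write data to directory/name without replacing an existing file."""
    path = os.path.join(directory, name)
    # O_EXCL makes the open fail if the path exists, symlinks included.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    print(safe_local_name("http://example.test/files/report.pdf", ".bashrc"))
```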

The OpenWall Project, a group that focuses on open-source security, discovered the vulnerability late last year, but it was, according to the group, initially ignored by the Wget maintainers.

The keepers of the CVE (Common Vulnerabilities and Exposures) database are reviewing the vulnerability, CVE-2010-2252, and it has been classified as a medium risk.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com
