Gentoo: 202305-12 Critical Alert: Curl Path Disclosure Vulnerability
gentoo
December 20, 2002
A malicious server could potentially overwrite key files to cause a denial of service or, in some cases, gain privileges by modifying executable files.
Summary
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200212-7 - -------------------------------------------------------------------- DATE : 2002-12-20 17:12 UTC
- --------------------------------------------------------------------
Quote from advisory
"A malicious server could potentially overwrite key files to cause a denial of service or, in some cases, gain privileges by modifying executable files. The risk is mitigated because non-default configurations are primarily affected, and the user must be convinced to access the malicious server. However, web-based clients may be more easily exploited."
Read the full advisory at http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running net-misc/wget-1.8.2-r1 and earlier update their systems as follows:
emerge rsync emerge wget emerge clean
...Read the Full Advisory
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : wget
SUMMARY : directory traversal
EXPLOIT : remote
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!