Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1344

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1344
Last Modified 05 Sep 2008 04:30:20
Published 18 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1344

Summary

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

Vulnerable Systems

Application

  • Gnu Wget 1.5.3

  • Gnu Wget 1.6

  • Gnu Wget 1.7

  • Gnu Wget 1.7.1

  • Gnu Wget 1.8

  • Gnu Wget 1.8.1

  • Gnu Wget 1.8.2


References

CERT-VN - VU#210148

BID - 6352

REDHAT - RHSA-2002:229

MANDRAKE - MDKSA-2002:086

BUGTRAQ - 20021219 TSLSA-2002-0089 - wget

BID - 6360

CALDERA - CSSA-2003.003.0

REDHAT - RHSA-2002:256

OPENPKG - OpenPKG-SA-2003.007

XF - wget-ftp-filename-traversal(10820)

CIAC - N-022

DEBIAN - DSA-209

BUGTRAQ - 20021211 Directory Traversal Vulnerabilities in FTP Clients

CONECTIVA - CLSA-2002:552

CONECTIVA - CLA-2002:552

VULNWATCH - 20021210 Directory Traversal Vulnerabilities in FTP Clients

SCO - CSSA-2003-003.0


Last Updated: 27 May 2016 10:37:17