GNU Wget Arbitrary Commands Execution Vulnerability (CVE-2016-4971)
Publish Date: 05 Oktober 2016
Schweregrad:: Mittel
Beschreibung
An arbitrary file overwrite vulnerability exist in the GNU Wget. The vulnerability is due to Wget trusting the filename provided by an FTP server when the original request is redirected from an HTTP server. A remote attacker can exploit this vulnerability by enticing a user to request a file over HTTP and sending an HTTP redirect to an FTP location hosting a malicious file intended to overwrite a user file such as .bashrc or .wgetrc. Upon successful exploitation, the commands contained in the downloaded file will be executed.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1007871