Trend Micro Security

GNU Wget Arbitrary Commands Execution Vulnerability (CVE-2016-4971)

  危険度: :

  概要

An arbitrary file overwrite vulnerability exist in the GNU Wget. The vulnerability is due to Wget trusting the filename provided by an FTP server when the original request is redirected from an HTTP server. A remote attacker can exploit this vulnerability by enticing a user to request a file over HTTP and sending an HTTP redirect to an FTP location hosting a malicious file intended to overwrite a user file such as .bashrc or .wgetrc. Upon successful exploitation, the commands contained in the downloaded file will be executed.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1007871