| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.9 | $0-$5k | 0.00 |
Summary
A vulnerability was found in GNU wget up to 1.15 and classified as problematic. This issue affects some unknown processing of the component FTP Handler. Such manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2014-4877. Local access is required to approach this attack. Moreover, an exploit is present. Applying a patch is advised to resolve this issue.
Details
A vulnerability was found in GNU wget up to 1.15 (Automation Software) and classified as problematic. Affected by this issue is an unknown code of the component FTP Handler. The manipulation with an unknown input leads to a path traversal vulnerability. Using CWE to declare the problem leads to CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Impacted is integrity, and availability.
The bug was discovered 10/27/2014. The weakness was disclosed 10/27/2014 as Bug 1139181 as confirmed bug report (Bugzilla). The advisory is shared for download at bugzilla.redhat.com. This vulnerability is handled as CVE-2014-4877 since 07/10/2014. The attack needs to be approached locally. No form of authentication is required for exploitation. Technical details are unknown but an exploit is available. The MITRE ATT&CK project declares the attack technique as T1006. The advisory points out:
It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP.
It is declared as highly functional. The vulnerability scanner Nessus provides a plugin with the ID 78753 (Oracle Linux 6 / 7 : wget (ELSA-2014-1764)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Oracle Linux Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 157299 (Oracle Enterprise Linux Security Update for wget (ELSA-2016-2587)).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.savannah.gnu.org. A possible mitigation has been published 3 days after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 16943.
The vulnerability is also documented in the databases at X-Force (97778), Tenable (78753), SecurityFocus (BID 70751†), SecurityTracker (ID 1031121†) and Vulnerability Center (SBV-46838†). seclists.org is providing further details. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.gnu.org/
CPE 2.3
CPE 2.2
Video
Youtube: Not available anymoreCVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.1VulDB Meta Temp Score: 4.9
VulDB Base Score: 5.1
VulDB Temp Score: 4.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Highly functional
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 78753
Nessus Name: Oracle Linux 6 / 7 : wget (ELSA-2014-1764)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 703062
OpenVAS Name: Debian Security Advisory DSA 3062-1 (wget - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: wget_symlink_file_write.rb
MetaSploit Name: GNU Wget FTP Symlink Arbitrary Filesystem Access
MetaSploit File: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: git.savannah.gnu.org
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Fortigate IPS: 🔍
Timeline
07/10/2014 🔍10/27/2014 🔍
10/27/2014 🔍
10/27/2014 🔍
10/27/2014 🔍
10/28/2014 🔍
10/28/2014 🔍
10/29/2014 🔍
10/30/2014 🔍
10/31/2014 🔍
11/02/2014 🔍
04/24/2025 🔍
Sources
Vendor: gnu.orgAdvisory: Bug 1139181
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-4877 (🔍)
GCVE (CVE): GCVE-0-2014-4877
GCVE (VulDB): GCVE-100-68072
OVAL: 🔍
CERT: 🔍
X-Force: 97778 - GNU Wget symlink, Low Risk
SecurityFocus: 70751 - GNU Wget CVE-2014-4877 Symlink Vulnerability
SecurityTracker: 1031121
Vulnerability Center: 46838 - GNU Wget Before 1.16 Arbitrary Code Execution via a LIST Response, High
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
Entry
Created: 10/28/2014 15:08Updated: 04/24/2025 02:36
Changes: 10/28/2014 15:08 (93), 07/29/2019 20:55 (6), 02/23/2022 20:23 (3), 11/12/2024 15:22 (15), 04/24/2025 02:36 (2)
Complete: 🔍
Cache ID: 216:567:103
No comments yet. Languages: en.
Please log in to comment.