-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2005:204 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wget Date : November 1, 2005 Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Hugo Vazquez Carames discovered a race condition when writing output files in wget. After wget determined the output file name, but before the file was actually opened, a local attacker with write permissions to the download directory could create a symbolic link with the name of the output file. This could be exploited to overwrite arbitrary files with the permissions of the user invoking wget. The time window of opportunity for the attacker is determined solely by the delay of the first received data packet. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2014 _______________________________________________________________________ Updated Packages: Mandriva Linux 10.1: 28b67f788c7ed5f28ca7e752b15a9eb8 10.1/RPMS/wget-1.9.1-4.3.101mdk.i586.rpm b0b856e5eeb63f608476877942f6a216 10.1/SRPMS/wget-1.9.1-4.3.101mdk.src.rpm Mandriva Linux 10.1/X86_64: d2fc09595e4bf4267c7cc7d9d5def8ee x86_64/10.1/RPMS/wget-1.9.1-4.3.101mdk.x86_64.rpm b0b856e5eeb63f608476877942f6a216 x86_64/10.1/SRPMS/wget-1.9.1-4.3.101mdk.src.rpm Corporate 3.0: 91f8d363d41afb43943f3f5569e2e83c corporate/3.0/RPMS/wget-1.9.1-4.3.C30mdk.i586.rpm 8ce78a19c89331fdb7527e6a4674376c corporate/3.0/SRPMS/wget-1.9.1-4.3.C30mdk.src.rpm Corporate 3.0/X86_64: e3796c54a067d9ef54d08f779fe3ec9d x86_64/corporate/3.0/RPMS/wget-1.9.1-4.3.C30mdk.x86_64.rpm 8ce78a19c89331fdb7527e6a4674376c x86_64/corporate/3.0/SRPMS/wget-1.9.1-4.3.C30mdk.src.rpm Multi Network Firewall 2.0: f834aa6b814014c20b6d97fd7a893ea6 mnf/2.0/RPMS/wget-1.9.1-4.3.M20mdk.i586.rpm 00f1b8920df39e3f4fc35eea07879168 mnf/2.0/SRPMS/wget-1.9.1-4.3.M20mdk.src.rpm Mandriva Linux 10.2: 36dfb01a50fcdec20d379001f2054ba4 10.2/RPMS/wget-1.9.1-5.2.102mdk.i586.rpm 82584cb410bcb5104f44d3429675e7e5 10.2/SRPMS/wget-1.9.1-5.2.102mdk.src.rpm Mandriva Linux 10.2/X86_64: 36dfb01a50fcdec20d379001f2054ba4 x86_64/10.2/RPMS/wget-1.9.1-5.2.102mdk.i586.rpm 82584cb410bcb5104f44d3429675e7e5 x86_64/10.2/SRPMS/wget-1.9.1-5.2.102mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDZ/jemqjQ0CJFipgRAjGJAKDtkgHO1ZWuWus4X5CPffEGbA0FxgCcDaXT yJo8rb9mFDl/0yBiIKUdigo= =y4/v -----END PGP SIGNATURE-----
