Vulnerability CVE-2018-20483


Published: 2018-12-26

Description:
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.

Type:

CWE-255

(Credentials Management)

Vendor: GNU
Product: WGET 
Version:
1.9.1
1.9
1.8.2
1.8.1
1.8
1.7.1
1.7
1.6
1.5.3
1.5.0
1.4.3
1.4.2
1.4.1
1.4.0
1.20
1.19.5
1.19.4
1.19.3
1.19.2
1.19.1
1.19
1.18
1.17.1
1.17
1.16.3
1.16.2
1.16.1
1.16
1.15
1.14
1.13.4
1.13.3
1.13.1
1.13
1.12
1.11.4-1
1.11.4
1.11.3
1.11.2
1.11.1
1.11
1.10.2
1.10.1
1.10

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
http://www.securityfocus.com/bid/106358
https://security.gentoo.org/glsa/201903-08
https://security.netapp.com/advisory/ntap-20190321-0002/
https://twitter.com/marcan42/status/1077676739877232640
https://usn.ubuntu.com/3943-1/

Related CVE
CVE-2019-14444
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable sy...
CVE-2019-1010180
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging....
CVE-2019-14250
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-1010204
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:...
CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
CVE-2019-1010025
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
CVE-2019-1010024
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.

Copyright 2019, cxsecurity.com

 

Back to Top