Vulnerability CVE-2018-20483


Published: 2018-12-26

Description:
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.

Type:

CWE-255

(Credentials Management)

Vendor: GNU
Product: WGET 
Version:
1.9.1
1.9
1.8.2
1.8.1
1.8
1.7.1
1.7
1.6
1.5.3
1.5.0
1.4.3
1.4.2
1.4.1
1.4.0
1.20
1.19.5
1.19.4
1.19.3
1.19.2
1.19.1
1.19
1.18
1.17.1
1.17
1.16.3
1.16.2
1.16.1
1.16
1.15
1.14
1.13.4
1.13.3
1.13.1
1.13
1.12
1.11.4-1
1.11.4
1.11.3
1.11.2
1.11.1
1.11
1.10.2
1.10.1
1.10

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
http://www.securityfocus.com/bid/106358
https://security.gentoo.org/glsa/201903-08
https://security.netapp.com/advisory/ntap-20190321-0002/
https://twitter.com/marcan42/status/1077676739877232640
https://usn.ubuntu.com/3943-1/

Related CVE
CVE-2012-6711
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to p...
CVE-2018-12886
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack ...
CVE-2019-5953
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
CVE-2019-11640
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
CVE-2019-11639
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
CVE-2019-11638
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.
CVE-2019-11637
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.
CVE-2006-7254
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

Copyright 2019, cxsecurity.com

 

Back to Top