On October 26, 2017, the GNU Wget project disclosed two buffer overflow vulnerabilities affecting versions earlier than 1.19.2. When a user fetches a specially crafted HTTP link with a vulnerable Wget, a malicious HTTP response from the server can trigger the flaw on the user's host, leading to a denial of service (DoS) or execution of malicious code. The vulnerability IDs are CVE-2017-13089 and CVE-2017-13090.
See the following for more information about the vulnerability.
CVE-2017-13089 and CVE-2017-13090
Wget buffer overflow vulnerabilities
Both flaws are in Wget's handling of HTTP chunked transfer encoding. CVE-2017-13089 is in the src/http.c source file: in some circumstances where http.c:skip_short_body() is called, the chunk parser uses strtol() to read each chunk's length but does not check that the result is non-negative. Because the chunk lengths and chunk contents come from the HTTP response, they are fully controlled by a malicious server (or by an on-path attacker on plain HTTP). A negative chunk length is passed on to fd_read(), which then overflows the fixed-size stack buffer that skip_short_body() reads into. CVE-2017-13090 is the same missing check in the chunk parser of retr.c:fd_read_body(), where the oversized read overflows a heap buffer instead.
Successful exploitation causes at least a denial of service (Wget crashes), and may allow execution of attacker-supplied code.
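The following C program is an added illustration, not code from Wget or from this advisory. It models the chunk-size handling described above in memory, with no sockets and no real overflowing read: a parser that mirrors the pre-1.19.2 behaviour (strtol() with no sign check), a hardened parser of this example's own design, and a walker that shows how a negative chunk length becomes a huge read length by the time it reaches read(2). The constant SKIP_SIZE, the function names, and the two sample chunked bodies are assumptions constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* skip_short_body() drains an unwanted body into a small fixed stack buffer;
   512 bytes is assumed here for the example. */
#define SKIP_SIZE 512
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Pre-1.19.2 behaviour: the chunk-size line is parsed with strtol() and the
   result is used as-is. strtol() accepts a leading '-', so "-1" yields -1. */
long chunk_size_vulnerable(const char *line)
{
    char *endl;
    return strtol(line, &endl, 16);
}

/* Hardened parser (this example's own, not the upstream patch verbatim):
   reject negative, overflowing, empty and malformed sizes. Returns -1 on
   any invalid input; the caller must then abort the transfer. */
long chunk_size_hardened(const char *line)
{
    char *endl;
    long n;

    errno = 0;
    n = strtol(line, &endl, 16);
    if (errno == ERANGE || n < 0)
        return -1;                          /* overflow or negative size */
    if (endl == line)
        return -1;                          /* no hex digits at all */
    /* Only a chunk extension (';'), whitespace or CRLF may follow the size. */
    if (*endl != '\0' && *endl != '\r' && *endl != '\n' && *endl != ';' && *endl != ' ')
        return -1;
    return n;
}

/* Length that reaches read(2): contlen = MIN(chunk, SKIP_SIZE) goes to
   fd_read(), whose buffer size is an int, and from there to read() as a
   size_t. A negative value therefore wraps to a huge unsigned count. */
size_t bytes_requested(long chunk_size)
{
    long contlen = MIN(chunk_size, (long)SKIP_SIZE);
    return (size_t)(int)contlen;
}

/* Non-zero if reading this chunk would overrun the SKIP_SIZE buffer. */
int overflows_stack_buffer(long chunk_size)
{
    return bytes_requested(chunk_size) > SKIP_SIZE;
}

/* Walk a chunked body held in memory the way skip_short_body() walks the
   socket, without performing any real read. Returns 0 when the last-chunk is
   reached cleanly, 1 when a read that would overrun the buffer was requested
   (vulnerable path), -1 when the hardened parser rejects a size line or the
   body is truncated. *worst receives the largest read length requested. */
int skip_chunked_body(const char *body, int hardened, size_t *worst)
{
    const char *end = body + strlen(body);
    const char *p = body;
    char line[64];

    *worst = 0;
    for (;;) {
        const char *eol = strstr(p, "\r\n");
        size_t n, req;
        long size;

        if (eol == NULL)
            return -1;                      /* no chunk-size line left */
        n = (size_t)(eol - p);
        if (n >= sizeof line)
            return -1;
        memcpy(line, p, n);
        line[n] = '\0';

        size = hardened ? chunk_size_hardened(line) : chunk_size_vulnerable(line);
        if (hardened && size < 0)
            return -1;                      /* the fix: abort on a bad size */
        if (size == 0)
            return 0;                       /* last-chunk */

        req = bytes_requested(size);        /* what the vulnerable code passes on */
        if (req > *worst)
            *worst = req;
        if (req > SKIP_SIZE)
            return 1;                       /* fd_read() would overrun the buffer */

        p = eol + 2;                        /* start of chunk data */
        if ((size_t)(end - p) < (size_t)size + 2)
            return -1;                      /* stream shorter than claimed */
        p += size + 2;                      /* skip data and its CRLF */
    }
}

/* Constructed bodies, not real captures: one valid 4-byte chunk, then either
   a chunk-size line of "-1" (malicious) or the 0-length last-chunk (benign). */
static const char MALICIOUS_BODY[] = "4\r\nWget\r\n-1\r\nAAAA\r\n0\r\n\r\n";
static const char BENIGN_BODY[] = "4\r\nWget\r\n0\r\n\r\n";

int run_vulnerable(const char *body) { size_t w; return skip_chunked_body(body, 0, &w); }
int run_hardened(const char *body)   { size_t w; return skip_chunked_body(body, 1, &w); }

int main(void)
{
    size_t w;
    int rc = skip_chunked_body(MALICIOUS_BODY, 0, &w);
    printf("vulnerable, malicious body: %d (largest read %zu bytes into %d-byte buffer)\n",
           rc, w, SKIP_SIZE);
    printf("hardened,   malicious body: %d\n", run_hardened(MALICIOUS_BODY));
    printf("hardened,   benign body:    %d\n", run_hardened(BENIGN_BODY));
    return 0;
}
```

The point the walker makes is that the dangerous value never looks dangerous at the parse site: -1 is a perfectly ordinary long, MIN() happily keeps it because it is smaller than the buffer size, and only the implicit conversion to size_t inside the read path turns it into a request for roughly 2^64 bytes. The hardened parser refuses the line before any length is computed, which is what the upstream fix does by aborting when the parsed chunk size is negative.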
Condition and method of exploitation
The flaw is triggered when a user downloads an HTTP link with a vulnerable Wget and the server (or an on-path attacker) returns a crafted chunked response; this may lead to command execution on the user's host. No user interaction beyond starting the download is required.
Affected versions: GNU Wget earlier than 1.19.2.
Red Hat Enterprise Linux
- Unaffected: Red Hat Enterprise Linux 5 and 6
- Affected: Red Hat Enterprise Linux 7
Ubuntu: Ubuntu 12.04, 14.04, and 16.04 LTS are affected. A patch has been released to fix it.
Debian: All versions are affected.
CentOS: CentOS 7 is affected.
SUSE: All versions are affected except SUSE Linux Enterprise Server 11.
Run the wget -V command to check whether an affected version of Wget is installed; the first line of the output reports the version. Note that distributions that backport fixes keep the old upstream version number, so on those systems compare the installed package version against the vendor advisory rather than relying on the version string alone.
How to fix or mitigate
The vulnerability details and proof-of-concept code have been published, and the major operating system vendors have released patches. To prevent security incidents, Alibaba Cloud Security recommends that you upgrade Wget to 1.19.2 or later, or to the patched package provided by your distribution.
Vendor patches:
- Red Hat Enterprise Linux 7
- SUSE (SUSE Linux Enterprise Server/openSUSE)