GNU Wget is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass the security mechanism and perform unauthorized actions.
Information
Bugtraq ID: 93157
Class: Design Error
CVE: CVE-2016-7098
Remote: Yes
Local: No
Published: Sep 26 2016 12:00AM
Updated: Nov 01 2017 12:05AM
Credit: The vendor reported this issue.
Vulnerable:
Ubuntu Ubuntu Linux 17.10
Ubuntu Ubuntu Linux 17.04
Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
GNU wget 1.11.4
GNU wget 1.11.3
GNU wget 1.11.2
GNU wget 1.11.1
GNU wget 1.10.2
GNU wget 1.10.1
GNU wget 1.10
GNU wget 1.9.1
  + MandrakeSoft Corporate Server 3.0 x86_64
  + MandrakeSoft Corporate Server 3.0
  + Mandriva Linux Mandrake 10.2 x86_64
  + Mandriva Linux Mandrake 10.2
  + Mandriva Linux Mandrake 10.1 x86_64
  + Mandriva Linux Mandrake 10.1
  + Mandriva Linux Mandrake 10.0 AMD64
  + Mandriva Linux Mandrake 10.0
GNU wget 1.9
GNU wget 1.8.2
  + Immunix Immunix OS 7+
  + MandrakeSoft Corporate Server 2.1 x86_64
  + MandrakeSoft Corporate Server 2.1
  + MandrakeSoft Single Network Firewall 7.2
  + Mandriva Linux Mandrake 9.0
  + Mandriva Linux Mandrake 8.2 ppc
  + Mandriva Linux Mandrake 8.2
  + Mandriva Linux Mandrake 8.1 ia64
  + Mandriva Linux Mandrake 8.1
  + Mandriva Linux Mandrake 8.0 ppc
  + Mandriva Linux Mandrake 8.0
  + Mandriva Linux Mandrake 7.2
  + Redhat Linux 8.0 i386
  + Redhat Linux 7.3 i386
  + Redhat Linux 7.2 ia64
  + Redhat Linux 7.2 i386
  + Redhat Linux 7.1 ia64
  + Redhat Linux 7.1 i386
  + Redhat Linux 7.0 i386
  + Redhat Linux 6.2 i386
  + S.u.S.E. Linux 8.1
  + S.u.S.E. Linux 8.0 i386
  + S.u.S.E. Linux 8.0
  + S.u.S.E. Linux Personal 9.3
  + S.u.S.E. Linux Personal 9.2 x86_64
  + S.u.S.E. Linux Personal 9.2
  + S.u.S.E. Linux Personal 9.1 x86_64
  + S.u.S.E. Linux Personal 9.1
  + S.u.S.E. Linux Personal 9.0 x86_64
  + S.u.S.E. Linux Personal 9.0
  + S.u.S.E. Linux Personal 8.2
  + Trustix Secure Linux 1.5
GNU wget 1.8.1
  + Debian Linux 3.0 sparc
  + Debian Linux 3.0 s/390
  + Debian Linux 3.0 ppc
  + Debian Linux 3.0 mipsel
  + Debian Linux 3.0 mips
  + Debian Linux 3.0 m68k
  + Debian Linux 3.0 ia-64
  + Debian Linux 3.0 ia-32
  + Debian Linux 3.0 hppa
  + Debian Linux 3.0 arm
  + Debian Linux 3.0 alpha
GNU wget 1.8
GNU wget 1.7.1
GNU wget 1.7
GNU wget 1.6
GNU wget 1.5.3
  + Debian Linux 2.2 sparc
  + Debian Linux 2.2 powerpc
  + Debian Linux 2.2 IA-32
  + Debian Linux 2.2 arm
  + Debian Linux 2.2 alpha
  + Debian Linux 2.2 68k
GNU wget 1.17
  + Immunix Immunix OS 7+
  + MandrakeSoft Corporate Server 2.1 x86_64
  + MandrakeSoft Corporate Server 2.1
  + MandrakeSoft Single Network Firewall 7.2
  + Mandriva Linux Mandrake 9.0
  + Mandriva Linux Mandrake 8.2 ppc
  + Mandriva Linux Mandrake 8.2
  + Mandriva Linux Mandrake 8.1 ia64
  + Mandriva Linux Mandrake 8.1
  + Mandriva Linux Mandrake 8.0 ppc
  + Mandriva Linux Mandrake 8.0
  + Mandriva Linux Mandrake 7.2
  + Redhat Linux 8.0 i386
  + Redhat Linux 7.3 i386
  + Redhat Linux 7.2 ia64
  + Redhat Linux 7.2 i386
  + Redhat Linux 7.1 ia64
  + Redhat Linux 7.1 i386
  + Redhat Linux 7.0 i386
  + Redhat Linux 6.2 i386
  + S.u.S.E. Linux 8.1
  + S.u.S.E. Linux 8.0 i386
  + S.u.S.E. Linux 8.0
  + S.u.S.E. Linux Personal 9.3
  + S.u.S.E. Linux Personal 9.2 x86_64
  + S.u.S.E. Linux Personal 9.2
  + S.u.S.E. Linux Personal 9.1 x86_64
  + S.u.S.E. Linux Personal 9.1
  + S.u.S.E. Linux Personal 9.0 x86_64
  + S.u.S.E. Linux Personal 9.0
  + S.u.S.E. Linux Personal 8.2
  + Trustix Secure Linux 1.5
GNU wget 1.16
GNU wget 1.15
GNU wget 1.12
GNU wget 1.11
Not Vulnerable:
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.