Package: wget
Version: 1.9.1-12, 1.10.2-2
Severity: normal

I was able to reproduce CVE-2006-6719 (DoS from a malicious FTP server against wget <= 1.10.2 by letting it segfault, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6719) with the wget versions in Sarge, Etch and Sid (Etch and Sid are the same at the moment of writing).

How to reproduce:

Download the proof-of-concept perl script from http://www.milw0rm.com/exploits/2947, then log in as root and start the script as root (it's easy to understand and harmless, well, except to wget... ;-). You'll also find a backtrace in the comments at the beginning of the script.

Then log in as a user and start:

  wget --passive-ftp ftp://localhost/bla/fasel

It will segfault.

It's not yet known if this segfault can be exploited to execute some code with the rights of the wget user (possibly root), so I set the severity to normal only...

Updates issued by other distributors:

Fedora:
  http://lwn.net/Articles/217243/
  http://lwn.net/Articles/217242/

Mandriva:
  http://www.mandriva.com/security/advisories?name=MDKSA-2007:017

Further links:

Bugtraq Database:
  http://www.securityfocus.com/bid/21650

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.33.2-1-dphys-k8-smp-64gb
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages wget depends on:
ii  libc6        2.3.2.ds1-22sarge4  GNU C Library: Shared libraries an
ii  libssl0.9.7  0.9.7e-3sarge4      SSL shared libraries

-- no debconf information