Hello,
I've just found the following post on the net:
Package name: wget
Advisory ID: MDKSA-2002:086
Date: December 11th, 2002
Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0,
Single Network Firewall 7.2
________________________________________________________________________
Problem Description:
A vulnerability in all versions of wget prior to and including 1.8.2
was discovered by Steven M. Christey. The bug permits a malicious
FTP server to create or overwriet files anywhere on the local file
system by sending filenames beginning with "/" or containing "/../".
This can be used to make vulnerable FTP clients write files that can
later be used for attack against the client machine.
Where can I download the most recent binary for Win32 that is free of this
vulnerability? All the places I've accessed that carry the Win32 binary say just
1.8.2, and many were last updated before the advisory date.
Thank you in advance.
-Vesko
I
