'Re: [oss-security] CVE request for wget'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request for wget
From:       Austin English <austinenglish () gmail ! com>
Date:       2015-09-25 0:55:02
Message-ID: CACC5Q1etFdEav9SnOtf5CqqhdQVm2dSM340sExwaKzf84YcDWQ () mail ! gmail ! com
[Download RAW message or body]

On Wed, Sep 9, 2015 at 2:52 AM, Andreas Stieger <astieger@suse.com> wrote:
> Hello,
> 
> On 09/07/2015 10:39 PM, Austin English wrote:
> > This was reported to tails-dev [1] and other places [2] and is fixed
> > upstream [3].
> > 
> > I've rebased the patch for 1.13.4 (attached), which is the current
> > version in Debian wheezy [4] that Tails is based on.
> > 
> > Please keep me in CC, as I'm not subscribed.
> > 
> > [1] https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html
> >  [2] https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
> > [3] http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
> >  [4] https://packages.debian.org/wheezy/wget
> 
> To reproduce:
> 
> A $> nc -lv 8020
> B $> wget ftp://A:8020
> 
> On A keep entering "200 ok", the following will be printed:
> 
> > $ wget ftp://dexter:8020 > --2015-09-08 17:11:30-- ftp://dexter:8020/ > \
> > =>
> ‘.listing' > Resolving dexter (dexter)... 10.160.4.160 > Connecting to
> dexter (dexter)|10.160.4.160|:8020... connected. > Logging in as
> anonymous ... Logged in! > ==> SYST ... done. ==> PWD ... done. > ==>
> TYPE I ... done. ==> CWD not needed. > ==> PASV ... > Cannot parse PASV
> response. > ==> PORT ...
> 
> On the server side:
> 
> > $ nc -lv 8020 > Connection from 10.160.4.160 port 8020 \
> > [tcp/intu-ec-svcdisc] accepted 200 ok > USER anonymous > 200 ok > SYST \
> > > 200 ok > PWD > 200 ok > TYPE
> I > 200 ok > PASV > 200 ok > PORT 10,160,4,160,134,42
> ^^^^^^^^^^^^
> 
> This would affect IP users connecting through a privacy proxy or VPN,
> leaking their public IP address if they are otherwise connected without
> NAT. For users connecting without such a proxy but through NAT, it leaks
> the internal IP address.
> 
> https://bugzilla.suse.com/show_bug.cgi?id=944858
> 
> Andreas
> 
> --
> Andreas Stieger <astieger@suse.com>
> Project Manager Security
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, \
> HRB 21284 (AG Nürnberg)

Ping. It's been over two weeks, I was hoping to have a CVE for this by now \
:)

-- 
-Austin


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic