exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2018-20483

Status Candidate

Overview

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.

Related Files

Red Hat Security Advisory 2020-4298-01
Posted Oct 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4298-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2016-10739, CVE-2018-14404, CVE-2018-14498, CVE-2018-16890, CVE-2018-18074, CVE-2018-18624, CVE-2018-18751, CVE-2018-19519, CVE-2018-20060, CVE-2018-20337, CVE-2018-20483, CVE-2018-20657, CVE-2018-20852, CVE-2018-9251, CVE-2019-1010180, CVE-2019-1010204, CVE-2019-11070, CVE-2019-11236, CVE-2019-11324, CVE-2019-11358, CVE-2019-11459, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-12450
SHA-256 | b21e4b6db18910bfdf465e20ef86844c5bb5f82b4312bf2f74efe50f227b2c78
Red Hat Security Advisory 2019-3701-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3701-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2018-16890, CVE-2018-20483, CVE-2019-3822, CVE-2019-3823
SHA-256 | d57927f60f9bb3de6d8189bd654e44a49857cc31223d9c50f6272fc993f1255f
Ubuntu Security Notice USN-3943-1
Posted Apr 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3943-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Kusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-20483, CVE-2019-5953
SHA-256 | 07cfbacbdf284a452d4eb8a1178d94ee8b1980b8d6780f03aa0d09e9df3a3a16
Gentoo Linux Security Advisory 201903-08
Posted Mar 11, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-8 - A vulnerability in GNU Wget which could allow an attacker to obtain sensitive information. Versions less than 1.20.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2018-20483
SHA-256 | 2434dc89023ff5753338fc86dae08c750f387f9dbe89122525463662e1fdfc53
Page 1 of 1
Back1Next

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    32 Files
  • 6
    Jun 6th
    39 Files
  • 7
    Jun 7th
    22 Files
  • 8
    Jun 8th
    17 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close