Technical details about a serious vulnerability affecting all but the latest version of the GNU wget software have been released online, along with PoC exploit scenarios.
Unearthed by security researcher Dawid Golunski, the flaw (CVE-2016-4971) was reported to the software’s developer through Beyond Security’s SecuriTeam, and has been fixed in version 1.18 of the popular utility for retrieving content from web servers.
The vulnerability arose from the way wget handles redirects. It could be exploited by attackers who are able to hijack a connection initiated by wget, or who compromise a server from which wget is downloading files, to cause the user running wget to execute arbitrary commands.
“The commands are executed with the privileges with which wget is running. This could prove to be quite severe when wget is launched as ‘root’,” SecuriTeam explained, then proceeded to share technical details, execution flow, and PoC exploit scenarios.
The flaw affects wget version 1.17 and prior. It can be exploited remotely by an unauthenticated user.
The software is bundled with most Linux distros. Some of them have pushed out updates that contain the fixed version, others are working on it, and others still are deferring the fix or forgoing it altogether for some of the packages.
Users are advised to update to the latest version of the software.
“Linux distributions should update their wget packages. It is recommended to update wget manually if an updated package is not available for your distribution,” says Golunski.