Hi,
here is a patch to limit the file modes to u+rw for temp. downloaded files.
Not sure if your proof of concept still works or not - but it seems a good
thing anyways.
Regards, Tim
From 5de996a94f74a31132660238e3b11fd0e29c18fe Mon Sep 17 00:00:00 2001
From: Tim Rühsen
Hi,
--
- Background -
--
Here at iDefense, Verisign Inc, we have a Vulnerability Contributor Program
(VCP) where we buy vulnerabilities.
Recently, security researcher Dawid Golunski sold us an interesting
vulnerability within Wget. We asked Red Hat (secalert