i am not going to publish a complete security advisory on this topic,
but i think wget users deserve a little bit more information about the
security vulnerability that was fixed yesterday, october 13th 2005.
yesterday i was notified by iDEFENSE of a remotely exploitable buffer
overflow in the NTLM authentication code. this vulnerability could allow
a malicious website to run arbitrary code on the machine running the
the only two versions of wget vulnerable to this flaw are 1.10 and
1.10.1 with NTLM authentication support enabled. wget binaries compiled
without NTLM support are not vulnerable. in addition, NTLM support
requires OpenSSL, so wget binaries built without SSL support are not
affected by the vulnerability as well.
the same vulnerability applies to cURL and libcURL, as the NTLM code in
wget was donated by Daniel Stenberg, (lib)cURL's maintainer. Daniel sent
me a fix for the flaw which was included in wget 1.10.2, released
immediately after i received the vulnerability report and the fix.
although there is no known exploit at the time of this writing, i
strongly recommend anyone using a wget 1.10 or 1.10.1 binary with NTLM
authentication enabled to upgrade to wget 1.10.2 or to recompile their
binary without NTLM support.
Aequam memento rebus in arduis servare mentem...
Mauro Tortonesi http://www.tortonesi.com
University of Ferrara - Dept. of Eng. http://www.ing.unife.it
GNU Wget - HTTP/FTP file retrieval tool http://www.gnu.org/software/wget
Deep Space 6 - IPv6 for Linux http://www.deepspace6.net
Ferrara Linux User Group http://www.ferrara.linux.it