It was found that GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to the cookie jar file. Normally a website should not be able to set cookies for other domains. Due to insufficient input validation GNU Wget can be tricked into storing arbitrary cookie values to the cookie jar file, bypassing this security restriction. An external attacker is able to inject arbitrary cookie values into cookie jar file, adding new or replacing existing cookie values. Upstream patch: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd References (PoC included): http://openwall.com/lists/oss-security/2018/05/06/1
Created wget tracking bugs for this issue: Affects: fedora-all [bug 1575635]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3052 https://access.redhat.com/errata/RHSA-2018:3052