CVE-2015-7665

Sažetak

Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command. NOTE: within wget itself, the automatic fallback is not considered a vulnerability by CVE.

Reference

http://git.savannah.gnu.org/cgit/wget.git/commit/?id=075d7556964f5a871a73c22ac4b69f5361295099
http://www.openwall.com/lists/oss-security/2015/10/01/10
http://www.securityfocus.com/bid/76678
https://labs.riseup.net/code/issues/10364
https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
https://mailman.boum.org/pipermail/tails-dev/2015-August/009370.html
https://mailman.boum.org/pipermail/tails-dev/2015-October/009591.html
https://tails.boum.org/news/version_1.7/index.en.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-11-2016 - 19:44

Objavljeno

27-12-2015 - 19:59