Cookie injection in wget (Alpine package)

1) Cookie injection

EUVDB-ID: #VU12432

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-0494

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists due to improper processing of Set-Cookie responses. A remote attacker can return specially crafted data and inject arbitrary cookies into the cookie jar file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

wget (Alpine package): 1.18-r2 - 1.18-r3

CPE2.3

• cpe:2.3:o:alpine:wget_alpine_package:1.18-r3:*:*:*:*:alpine_linux:*:
• cpe:2.3:o:alpine:wget_alpine_package:1.18-r2:*:*:*:*:alpine_linux:*:

External links

http://git.alpinelinux.org/aports/commit/?id=e6404a21b246558e15ba90e0a54011392d26c497
http://git.alpinelinux.org/aports/commit/?id=216de6f087c9096374a5b94d109a6fac300d7495
http://git.alpinelinux.org/aports/commit/?id=9ac70349518c3ae6773ec02ff79be8d20f8462b8
http://git.alpinelinux.org/aports/commit/?id=06efc389600960466f2d0f27de63ab5984f00518
http://git.alpinelinux.org/aports/commit/?id=5be082426ec4169377ecf7986788fc6e90d4faea
http://git.alpinelinux.org/aports/commit/?id=ef64d3c2ab9ef38db387a7198c2ea6adccc6f495

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.