漏洞类别:RedHat
漏洞等级: 
漏洞信息
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.
Security Fix(es):
* It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971)
漏洞危害
On successful exploitation it is allowing the server to execute arbitrary code on the client.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2016:2587 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论