CVE-2006-6719

Description

The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.

Affected products

• gnu / wget1.5.3 – 1.5.3
• gnu / wget1.6 – 1.6
• gnu / wget1.7 – 1.7
• gnu / wget1.7.1 – 1.7.1
• gnu / wget1.8 – 1.8
• gnu / wget1.8.1 – 1.8.1
• gnu / wget1.8.2 – 1.8.2
• gnu / wget1.9 – 1.9
• gnu / wget1.9.1 – 1.9.1
• gnu / wget1.10 – 1.10
• gnu / wget1.10.1 – 1.10.1
• gnu / wget1.10.2 – 1.10.2

References

• MISChttps://issues.rpath.com/browse/RPL-930
• MISChttp://www.securityfocus.com/bid/21650
• EXPLOIThttps://www.exploit-db.com/exploits/2947
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:017