'A critical flaw has been found and patched in the open source Wget
file retrieval utility that is widely used on UNIX systems. The
vulnerability is publicly identified as CVE-2014-4877. "It was found
that wget was susceptible to a symlink attack which could create
arbitrary files, directories or symbolic links and set their
permissions when retrieving a directory recursively through FTP,"
developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP
server can stomp over your entire filesystem, tweets HD Moore, chief
research officer at Rapid 7, who is the original reporter of the bug.'
-- source: http://tech.slashdot.org/story/14/10/29/1333216
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
Ph. +64 (7) 858-5174