Test Kennung:	1.3.6.1.4.1.25623.1.0.51559
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:552
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:552. GNU wget is a freely available network utility to retrieve files using HTTP and FTP. Steven M. Christey reported[1] a vulnerability[2] in some ftp clients, including wget up to version 1.8.2 (inclusive). The vulnerability resides in the way wget handles server answers to LIST and multiple GET requests. If the filenames in the answer begin with characters pointing to parent directories (like ../ or /), wget can download files to that location, thus overwritting arbitrary files. The version 1.8.2 distributed together with this advisory fixes that vulnerability and some other minor bugs besides adding some new features[3]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.kb.cert.org/vuls/id/210409 http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482 http://cvs.sunsite.dk/viewcvs.cgi/wget/NEWS?rev=WGET_1_8&content-type=text/plain http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1344 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:552 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : Medium CVSS Score: 5.0
Querverweis:	BugTraq ID: 6352 Common Vulnerability Exposure (CVE) ID: CVE-2002-1344 http://www.securityfocus.com/bid/6352 BugTraq ID: 6360 http://www.securityfocus.com/bid/6360 Bugtraq: 20021211 Directory Traversal Vulnerabilities in FTP Clients (Google Search) http://marc.info/?l=bugtraq&m=103962838628940&w=2 Bugtraq: 20021219 TSLSA-2002-0089 - wget (Google Search) http://marc.info/?l=bugtraq&m=104033016703851&w=2 Caldera Security Advisory: CSSA-2003.003.0 http://www.securityfocus.com/archive/1/307045/30/26300/threaded CERT/CC vulnerability note: VU#210148 http://www.kb.cert.org/vuls/id/210148 Computer Incident Advisory Center Bulletin: N-022 http://www.ciac.org/ciac/bulletins/n-022.shtml Conectiva Linux advisory: CLA-2002:552 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552 Conectiva Linux advisory: CLSA-2002:552 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552 Debian Security Information: DSA-209 (Google Search) https://www.debian.org/security/2002/dsa-209 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.007.html http://www.redhat.com/support/errata/RHSA-2002-229.html http://www.redhat.com/support/errata/RHSA-2002-256.html SCO Security Bulletin: CSSA-2003-003.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html http://www.iss.net/security_center/static/10820.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.