 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.52277 |
| Kategorie: | FreeBSD Local Security Checks |
| Titel: | FreeBSD Ports: wget, wget-devel |
| Zusammenfassung: | The remote host is missing an update to the system; as announced in the referenced advisory. |
| Beschreibung: | Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: wget, wget-devel, wgetpro, wget+ipv6 CVE-2004-1487 wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a '..' that resolves to the IP address of the malicious server, which bypasses wget's filtering for '..' sequences. CVE-2004-1488 wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-1487 BugTraq ID: 11871 http://www.securityfocus.com/bid/11871 Bugtraq: 20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110269474112384&w=2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682 http://www.redhat.com/support/errata/RHSA-2005-771.html http://securitytracker.com/id?1012472 https://usn.ubuntu.com/145-1/ XForce ISS Database: wget-file-overwrite(18420) https://exchange.xforce.ibmcloud.com/vulnerabilities/18420 Common Vulnerability Exposure (CVE) ID: CVE-2004-1488 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750 http://secunia.com/advisories/20960 SuSE Security Announcement: SUSE-SR:2006:016 (Google Search) http://www.novell.com/linux/security/advisories/2006_16_sr.html XForce ISS Database: wget-terminal-overwrite(18421) https://exchange.xforce.ibmcloud.com/vulnerabilities/18421 |
| Copyright | Copyright (C) 2008 E-Soft Inc. |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |