Description:
The remote host is missing updates announced in advisory RHSA-2005:771.
GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols.
A bug was found in the way wget writes files to the local disk. If a malicious local user has write access to the directory wget is saving a file into, it is possible to overwrite files that the user running wget has write access to. (CVE-2004-2014)
A bug was found in the way wget filters redirection URLs. It is possible for a malicious Web server to overwrite files the user running wget has write access to. Note: in order for this attack to succeed the local DNS would need to resolve .. to an IP address, which is an unlikely situation. (CVE-2004-1487)
A bug was found in the way wget displays HTTP response codes. It is possible that a malicious web server could inject a specially crafted terminal escape sequence capable of misleading the user running wget. (CVE-2004-1488)
Users should upgrade to this updated package, which contains a version of wget that is not vulnerable to these issues.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2005-771.html
Risk factor: Medium
CVSS Score: 5.0