ID de Prueba:	1.3.6.1.4.1.25623.1.0.51559
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:552
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:552. GNU wget is a freely available network utility to retrieve files using HTTP and FTP. Steven M. Christey reported[1] a vulnerability[2] in some ftp clients, including wget up to version 1.8.2 (inclusive). The vulnerability resides in the way wget handles server answers to LIST and multiple GET requests. If the filenames in the answer begin with characters pointing to parent directories (like ../ or /), wget can download files to that location, thus overwritting arbitrary files. The version 1.8.2 distributed together with this advisory fixes that vulnerability and some other minor bugs besides adding some new features[3]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.kb.cert.org/vuls/id/210409 http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482 http://cvs.sunsite.dk/viewcvs.cgi/wget/NEWS?rev=WGET_1_8&content-type=text/plain http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1344 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:552 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 6352 Common Vulnerability Exposure (CVE) ID: CVE-2002-1344 http://www.securityfocus.com/bid/6352 BugTraq ID: 6360 http://www.securityfocus.com/bid/6360 Bugtraq: 20021211 Directory Traversal Vulnerabilities in FTP Clients (Google Search) http://marc.info/?l=bugtraq&m=103962838628940&w=2 Bugtraq: 20021219 TSLSA-2002-0089 - wget (Google Search) http://marc.info/?l=bugtraq&m=104033016703851&w=2 Caldera Security Advisory: CSSA-2003.003.0 http://www.securityfocus.com/archive/1/307045/30/26300/threaded CERT/CC vulnerability note: VU#210148 http://www.kb.cert.org/vuls/id/210148 Computer Incident Advisory Center Bulletin: N-022 http://www.ciac.org/ciac/bulletins/n-022.shtml Conectiva Linux advisory: CLA-2002:552 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552 Conectiva Linux advisory: CLSA-2002:552 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552 Debian Security Information: DSA-209 (Google Search) https://www.debian.org/security/2002/dsa-209 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.007.html http://www.redhat.com/support/errata/RHSA-2002-229.html http://www.redhat.com/support/errata/RHSA-2002-256.html SCO Security Bulletin: CSSA-2003-003.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html http://www.iss.net/security_center/static/10820.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.