FreeBSD Local Security Checks : FreeBSD Ports: wget, wget-devel

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52277

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: wget, wget-devel

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

wget, wget-devel, wgetpro, wget+ipv6

CVE-2004-1487
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite
certain files via a redirection URL containing a '..' that resolves to
the IP address of the malicious server, which bypasses wget's
filtering for '..' sequences.

CVE-2004-1488
wget 1.8.x and 1.9.x does not filter or quote control characters when
displaying HTTP responses to the terminal, which may allow remote
malicious web servers to inject terminal escape sequences and execute
arbitrary code.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1487
BugTraq ID: 11871
http://www.securityfocus.com/bid/11871
Bugtraq: 20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110269474112384&w=2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682
http://www.redhat.com/support/errata/RHSA-2005-771.html
http://securitytracker.com/id?1012472
https://usn.ubuntu.com/145-1/
XForce ISS Database: wget-file-overwrite(18420)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18420
Common Vulnerability Exposure (CVE) ID: CVE-2004-1488
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750
http://secunia.com/advisories/20960
SuSE Security Announcement: SUSE-SR:2006:016 (Google Search)
http://www.novell.com/linux/security/advisories/2006_16_sr.html
XForce ISS Database: wget-terminal-overwrite(18421)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18421

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52277
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: wget, wget-devel
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: wget, wget-devel, wgetpro, wget+ipv6 CVE-2004-1487 wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a '..' that resolves to the IP address of the malicious server, which bypasses wget's filtering for '..' sequences. CVE-2004-1488 wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1487 BugTraq ID: 11871 http://www.securityfocus.com/bid/11871 Bugtraq: 20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110269474112384&w=2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682 http://www.redhat.com/support/errata/RHSA-2005-771.html http://securitytracker.com/id?1012472 https://usn.ubuntu.com/145-1/ XForce ISS Database: wget-file-overwrite(18420) https://exchange.xforce.ibmcloud.com/vulnerabilities/18420 Common Vulnerability Exposure (CVE) ID: CVE-2004-1488 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750 http://secunia.com/advisories/20960 SuSE Security Announcement: SUSE-SR:2006:016 (Google Search) http://www.novell.com/linux/security/advisories/2006_16_sr.html XForce ISS Database: wget-terminal-overwrite(18421) https://exchange.xforce.ibmcloud.com/vulnerabilities/18421
Copyright	Copyright (C) 2008 E-Soft Inc.