ID de Prueba:	1.3.6.1.4.1.25623.1.0.55440
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:771
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:771. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. A bug was found in the way wget writes files to the local disk. If a malicious local user has write access to the directory wget is saving a file into, it is possible to overwrite files that the user running wget has write access to. (CVE-2004-2014) A bug was found in the way wget filters redirection URLs. It is possible for a malicious Web server to overwrite files the user running wget has write access to. Note: in order for this attack to succeed the local DNS would need to resolve .. to an IP address, which is an unlikely situation. (CVE-2004-1487) A bug was found in the way wget displays HTTP response codes. It is possible that a malicious web server could inject a specially crafted terminal escape sequence capable of misleading the user running wget. (CVE-2004-1488) Users should upgrade to this updated package, which contains a version of wget that is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-771.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1487 BugTraq ID: 11871 http://www.securityfocus.com/bid/11871 Bugtraq: 20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110269474112384&w=2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682 http://www.redhat.com/support/errata/RHSA-2005-771.html http://securitytracker.com/id?1012472 https://usn.ubuntu.com/145-1/ XForce ISS Database: wget-file-overwrite(18420) https://exchange.xforce.ibmcloud.com/vulnerabilities/18420 Common Vulnerability Exposure (CVE) ID: CVE-2004-1488 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750 http://secunia.com/advisories/20960 SuSE Security Announcement: SUSE-SR:2006:016 (Google Search) http://www.novell.com/linux/security/advisories/2006_16_sr.html XForce ISS Database: wget-terminal-overwrite(18421) https://exchange.xforce.ibmcloud.com/vulnerabilities/18421 Common Vulnerability Exposure (CVE) ID: CVE-2004-2014 BugTraq ID: 10361 http://www.securityfocus.com/bid/10361 Bugtraq: 20040516 Wget race condition vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108481268725276&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2005:204 http://marc.info/?l=wget&m=108483270227139&w=2 http://marc.info/?l=wget&m=108482747906833&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9830 http://secunia.com/advisories/17399 XForce ISS Database: wget-lock-race-condition(16167) https://exchange.xforce.ibmcloud.com/vulnerabilities/16167
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.