Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0396)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2017.0396

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2017-0396)

Resumen: The remote host is missing an update for the 'wget' package(s) announced via the MGASA-2017-0396 advisory.

Descripción: Summary:
The remote host is missing an update for the 'wget' package(s) announced via the MGASA-2017-0396 advisory.

Vulnerability Insight:
The http.c:skip_short_body() function is called in some circumstances,
such as when processing redirects. When the response is sent chunked,
the chunk parser uses strtol() to read each chunk's length, but
doesn't check that the chunk length is a non-negative number. The
code then tries to skip the chunk in pieces of 512 bytes by using the
MIN() macro, but ends up passing the negative chunk length to
connect.c:fd_read(). As fd_read() takes an int argument, the high
32 bits of the chunk length are discarded, leaving fd_read() with
a completely attacker controlled length argument (CVE-2017-13089).

The retr.c:fd_read_body() function is called when processing OK
responses. When the response is sent chunked, the chunk parser uses
strtol() to read each chunk's length, but doesn't check that the chunk
length is a non-negative number. The code then tries to read the chunk
in pieces of 8192 bytes by using the MIN() macro, but ends up passing
the negative chunk length to retr.c:fd_read(). As fd_read() takes an
int argument, the high 32 bits of the chunk length are discarded,
leaving fd_read() with a completely attacker controlled length
argument. The attacker can corrupt malloc metadata after the allocated
buffer (CVE-2017-13090).

Affected Software/OS:
'wget' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-13089
BugTraq ID: 101592
http://www.securityfocus.com/bid/101592
Debian Security Information: DSA-4008 (Google Search)
http://www.debian.org/security/2017/dsa-4008
https://security.gentoo.org/glsa/201711-06
https://github.com/r1b/CVE-2017-13089
https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html
RedHat Security Advisories: RHSA-2017:3075
https://access.redhat.com/errata/RHSA-2017:3075
http://www.securitytracker.com/id/1039661
Common Vulnerability Exposure (CVE) ID: CVE-2017-13090
BugTraq ID: 101590
http://www.securityfocus.com/bid/101590

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0396
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0396)
Resumen:	The remote host is missing an update for the 'wget' package(s) announced via the MGASA-2017-0396 advisory.
Descripción:	Summary: The remote host is missing an update for the 'wget' package(s) announced via the MGASA-2017-0396 advisory. Vulnerability Insight: The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument (CVE-2017-13089). The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer (CVE-2017-13090). Affected Software/OS: 'wget' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-13089 BugTraq ID: 101592 http://www.securityfocus.com/bid/101592 Debian Security Information: DSA-4008 (Google Search) http://www.debian.org/security/2017/dsa-4008 https://security.gentoo.org/glsa/201711-06 https://github.com/r1b/CVE-2017-13089 https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html RedHat Security Advisories: RHSA-2017:3075 https://access.redhat.com/errata/RHSA-2017:3075 http://www.securitytracker.com/id/1039661 Common Vulnerability Exposure (CVE) ID: CVE-2017-13090 BugTraq ID: 101590 http://www.securityfocus.com/bid/101590
Copyright	Copyright (C) 2022 Greenbone AG