Test ID:	1.3.6.1.4.1.25623.1.0.51559
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2002:552
Summary:	Conectiva Security Advisory CLA-2002:552
Description:	The remote host is missing updates announced in advisory CLA-2002:552. GNU wget is a freely available network utility to retrieve files using HTTP and FTP. Steven M. Christey reported[1] a vulnerability[2] in some ftp clients, including wget up to version 1.8.2 (inclusive). The vulnerability resides in the way wget handles server answers to LIST and multiple GET requests. If the filenames in the answer begin with characters pointing to parent directories (like ../ or /), wget can download files to that location, thus overwritting arbitrary files. The version 1.8.2 distributed together with this advisory fixes that vulnerability and some other minor bugs besides adding some new features[3]. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.kb.cert.org/vuls/id/210409 http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482 http://cvs.sunsite.dk/viewcvs.cgi/wget/NEWS?rev=WGET_1_8&content-type=text/plain http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1344 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:552 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : Medium
Cross-Ref:	BugTraq ID: 6352 Common Vulnerability Exposure (CVE) ID: CVE-2002-1344 Bugtraq: 20021211 Directory Traversal Vulnerabilities in FTP Clients (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2 http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html Caldera Security Advisory: CSSA-2003.003.0 http://www.securityfocus.com/archive/1/archive/1/307045/30/26300/threaded Conectiva Linux advisory: CLA-2002:552 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552 Conectiva Linux advisory: CLSA-2002:552 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552 Debian Security Information: DSA-209 (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=103973388702700&w=2 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.007.html http://www.redhat.com/support/errata/RHSA-2002-229.html http://www.redhat.com/support/errata/RHSA-2002-256.html SCO Security Bulletin: CSSA-2003-003.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt Bugtraq: 20021219 TSLSA-2002-0089 - wget (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=104033016703851&w=2 Computer Incident Advisory Center Bulletin: N-022 http://www.ciac.org/ciac/bulletins/n-022.shtml CERT/CC vulnerability note: VU#210148 http://www.kb.cert.org/vuls/id/210148 http://www.securityfocus.com/bid/6352 BugTraq ID: 6360 http://www.securityfocus.com/bid/6360 http://www.iss.net/security_center/static/10820.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: