Executive Summary
Summary | |
---|---|
Title | wget security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2014:0151 | First vendor Publication | 2014-02-10 |
Vendor | RedHat | Last vendor Modification | 2014-02-10 |
Severity (Vendor) | Low | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the ability to work in the background while the user is logged out, recursive retrieval of directories, file name wildcard matching or updating files in dependency on file timestamp comparison. It was discovered that wget used a file name provided by the server when saving a downloaded file. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2010-2252) Note: With this update, wget always uses the last component of the original URL as the name for the downloaded file. Previous behavior of using the server provided name or the last component of the redirected URL when creating files can be re-enabled by using the '--trust-server-names' command line option, or by setting 'trust_server_names=on' in the wget start-up file. This update also fixes the following bugs: * Prior to this update, the wget package did not recognize HTTPS SSL certificates with alternative names (subjectAltName) specified in the certificate as valid. As a consequence, running the wget command failed with a certificate error. This update fixes wget to recognize such certificates as valid. (BZ#1060113) All users of wget are advised to upgrade to this updated package, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 602797 - CVE-2010-2252 wget: multiple HTTP client download filename vulnerability [OCERT 2010-001] 833831 - When redirected, wget should use the original page name for saving |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2014-0151.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13051 | |||
Oval ID: | oval:org.mitre.oval:def:13051 | ||
Title: | USN-982-1 -- wget vulnerability | ||
Description: | It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, and possibly run arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-982-1 CVE-2010-2252 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | wget |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22473 | |||
Oval ID: | oval:org.mitre.oval:def:22473 | ||
Title: | RHSA-2014:0151: wget security and bug fix update (Low) | ||
Description: | GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0151-00 CESA-2014:0151 CVE-2010-2252 | Version: | 8 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | wget |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23958 | |||
Oval ID: | oval:org.mitre.oval:def:23958 | ||
Title: | ELSA-2014:0151: wget security and bug fix update (Low) | ||
Description: | GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0151-00 CVE-2010-2252 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | wget |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26409 | |||
Oval ID: | oval:org.mitre.oval:def:26409 | ||
Title: | DEPRECATED: ELSA-2014-0151 -- wget security and bug fix update (low) | ||
Description: | [1.12-1.11] - Add --trust-server-names option to fix CVE-2010-2252 (#833831) [1.12-1.10] - Build wget again with partial RELRO. LDFLAGS changed due to openssl rebase. [1.12-1.9] - Fix wget to recognize certificates with alternative names (#1060113) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-0151 CVE-2010-2252 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | wget |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-10 (Wget) File : nvt/glsa_201110_10.nasl |
2010-10-10 | Name : FreeBSD Ports: wget, wget-devel File : nvt/freebsd_wget0.nasl |
2010-09-07 | Name : Mandriva Update for wget MDVSA-2010:170 (wget) File : nvt/gb_mandriva_MDVSA_2010_170.nasl |
2010-09-07 | Name : Ubuntu Update for wget vulnerability USN-982-1 File : nvt/gb_ubuntu_USN_982_1.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2088-1 (wget) File : nvt/deb_2088_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66109 | GNU wget URL 3xx Redirect Server Provided Filename Arbitrary File Overwrite When requesting a document that returns a 3xx redirection code, wget uses the new name of the file, allowing a malicious server to create or overwrite an arbitrary file in the current folder. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0036.nasl - Type : ACT_GATHER_INFO |
2014-02-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2014-0151.nasl - Type : ACT_GATHER_INFO |
2014-02-11 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2014-0151.nasl - Type : ACT_GATHER_INFO |
2014-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0151.nasl - Type : ACT_GATHER_INFO |
2014-02-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140210_wget_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-10-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-10.nasl - Type : ACT_GATHER_INFO |
2010-09-04 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d754b7d2b6a711df826ce464a695cb21.nasl - Type : ACT_GATHER_INFO |
2010-09-03 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-170.nasl - Type : ACT_GATHER_INFO |
2010-09-03 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-982-1.nasl - Type : ACT_GATHER_INFO |
2010-08-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2088.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:57:50 |
|
2014-02-10 21:20:29 |
|