Executive Summary

Summary
Title: GNU Wget: Multiple vulnerabilities

Information
Name: GLSA-201711-06
First vendor publication: 2017-11-11
Vendor: Gentoo
Last vendor modification: 2017-11-11
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS base score: 9.3
Attack range: Network
CVSS impact score: 10
Attack complexity: Medium
CVSS exploit score: 8.6
Authentication: None Required

Detail

Synopsis
========

Multiple vulnerabilities have been found in Wget, the worst of which
could allow remote attackers to execute arbitrary code.

Background
==========

GNU Wget is a free software package for retrieving files using HTTP,
HTTPS and FTP, the most widely-used Internet protocols.

Description
===========

Multiple vulnerabilities have been discovered in Wget. Please review
the referenced CVE identifiers for details.

Impact
======

A remote attacker, by enticing a user to connect to a malicious server,
could remotely execute arbitrary code or cause a Denial of Service
condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wget users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/wget-1.19.1-r2"

References
==========

[ 1 ] CVE-2017-13089
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13089
[ 2 ] CVE-2017-13090
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13090

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201711-06

Original Source

Url : http://security.gentoo.org/glsa/glsa-201711-06.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type Description Count
Application 25
Os 2

Snort® IPS/IDS

Date Description
2019-12-17 Wget HTTP non-200 negative chunk-size buffer overflow attempt
RuleID : 52235 - Revision : 1 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2018-11-27 Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZLSA-2017-3075.nasl - Type : ACT_GATHER_INFO
2018-08-17 Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2017-0047.nasl - Type : ACT_GATHER_INFO
2018-08-17 Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2017-0046.nasl - Type : ACT_GATHER_INFO
2018-01-15 Name : The remote Fedora host is missing a security update.
File : fedora_2017-10fbce01ec.nasl - Type : ACT_GATHER_INFO
2017-11-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2871-2.nasl - Type : ACT_GATHER_INFO
2017-11-16 Name : The remote Fedora host is missing a security update.
File : fedora_2017-de8a421dcd.nasl - Type : ACT_GATHER_INFO
2017-11-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201711-06.nasl - Type : ACT_GATHER_INFO
2017-11-08 Name : The remote Fedora host is missing a security update.
File : fedora_2017-f0b3231763.nasl - Type : ACT_GATHER_INFO
2017-11-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1270.nasl - Type : ACT_GATHER_INFO
2017-11-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1269.nasl - Type : ACT_GATHER_INFO
2017-10-30 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1210.nasl - Type : ACT_GATHER_INFO
2017-10-30 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_d77ceb8cbb1311e783573065ec6f3643.nasl - Type : ACT_GATHER_INFO
2017-10-30 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_09849e71bb1211e783573065ec6f3643.nasl - Type : ACT_GATHER_INFO
2017-10-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4008.nasl - Type : ACT_GATHER_INFO
2017-10-30 Name : The remote Debian host is missing a security update.
File : debian_DLA-1149.nasl - Type : ACT_GATHER_INFO
2017-10-30 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2017-3075.nasl - Type : ACT_GATHER_INFO
2017-10-30 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-300-02.nasl - Type : ACT_GATHER_INFO
2017-10-27 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-916.nasl - Type : ACT_GATHER_INFO
2017-10-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3464-1.nasl - Type : ACT_GATHER_INFO
2017-10-27 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20171026_wget_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-10-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-3075.nasl - Type : ACT_GATHER_INFO
2017-10-27 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2017-3075.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2017-11-17 17:23:28
  • Multiple Updates
2017-11-14 13:24:55
  • Multiple Updates
2017-11-11 17:23:31
  • First insertion