9.3 - MDVSA-2014:212

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	MDVSA-2014:212	First vendor Publication	2014-10-29
Vendor	Mandriva	Last vendor Modification	2014-10-29
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated wget package fixes security vulnerability:

Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP (CVE-2014-4877).

The default settings in wget have been changed such that wget no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval. The old behaviour can be attained by passing the --retr-symlinks=no option to the wget command.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:212

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26933

Oval ID:	oval:org.mitre.oval:def:26933
Title:	ELSA-2014-1764 -- wget security update (moderate)
Description:	[1.14-10.1] - Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access (#1156135)
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1764 CVE-2014-4877	Version:	3
Platform(s):	Oracle Linux 6 Oracle Linux 7	Product(s):	wget
Definition Synopsis:
Oracle Linux 6 release section Oracle Linux 6.x AND wget is earlier than 0:1.12-5.el6_6.1 AND Oracle Linux 7 release section Oracle Linux 7.x AND wget is earlier than 0:1.14-10.el7_0.1

Definition Id: oval:org.mitre.oval:def:27511

Oval ID:	oval:org.mitre.oval:def:27511
Title:	DSA-3062-1 -- wget security update
Description:	HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows to create arbitrary files on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override content of user's files or permit remote code execution with the user privilege.
Family:	unix	Class:	patch
Reference(s):	DSA-3062-1 CVE-2014-4877	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	wget
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND wget is earlier than 0:1.13.4-3+deb7u2

Definition Id: oval:org.mitre.oval:def:28220

Oval ID:	oval:org.mitre.oval:def:28220
Title:	USN-2393-1 -- Wget vulnerability
Description:	HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution.
Family:	unix	Class:	patch
Reference(s):	USN-2393-1 CVE-2014-4877	Version:	5
Platform(s):	Ubuntu 14.10 Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	wget
Definition Synopsis:
Ubuntu 14.10 release section Ubuntu 14.10 is installed AND wget is earlier than 0:1.15-1ubuntu1.14.10.1 AND Ubuntu 14.04 release section Ubuntu 14.04 is installed AND wget is earlier than 0:1.15-1ubuntu1.14.04.1 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND wget is earlier than 0:1.13.4-2ubuntu1.2 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND wget is earlier than 0:1.12-1.1ubuntu2.2

Definition Id: oval:org.mitre.oval:def:28354

Oval ID:	oval:org.mitre.oval:def:28354
Title:	RHSA-2014:1764 -- wget security update (Moderate)
Description:	The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable to by the user running Wget, possibly leading to code execution. (CVE-2014-4877) Note: This update changes the default value of the --retr-symlinks option. The file symbolic links are now traversed by default and pointed-to files are retrieved rather than creating a symbolic link locally. Red Hat would like to thank the GNU Wget project for reporting this issue. Upstream acknowledges HD Moore of Rapid7, Inc as the original reporter. All users of wget are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1764 CESA-2014:1764-CentOS 7 CESA-2014:1764-CentOS 6 CVE-2014-4877	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 7 CentOS Linux 6	Product(s):	wget
Definition Synopsis:
Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x AND wget is earlier than 0:1.12-5.el6_6.1 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND wget-debuginfo is earlier than 0:1.12-5.el6_6.1 AND Red Hat Enterprise Linux 7 and CentOS Linux 7 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x AND wget is earlier than 0:1.14-10.el7_0.1 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 AND wget-debuginfo is earlier than 0:1.14-10.el7_0.1

Definition Id: oval:org.mitre.oval:def:28417

Oval ID:	oval:org.mitre.oval:def:28417
Title:	SUSE-SU-2014:1366-1 -- Security update for wget (important)
Description:	wget has been updated to fix one security issue and two non-security issues. This security issue has been fixed: * FTP symlink arbitrary filesystem access (CVE-2014-4877). These non-security issues have been fixed: * Fix displaying of download time (bnc#901276). * Fix 0 size FTP downloads after failure (bnc#885069). Security Issues: * CVE-2014-4877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1366-1 CVE-2014-4877	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	wget
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed AND wget is earlier than 0:1.11.4-1.19.1

Definition Id: oval:org.mitre.oval:def:28434

Oval ID:	oval:org.mitre.oval:def:28434
Title:	SUSE-SU-2014:1366-2 -- Security update for wget (important)
Description:	wget was updated to fix one security issue and two non-security issues: * FTP symbolic link arbitrary filesystem access (CVE-2014-4877). * Fix displaying of download time (bnc#901276). * Fix 0 size FTP downloads after failure (bnc#885069). Security Issues: * CVE-2014-4877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1366-2 CVE-2014-4877	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	wget
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed AND wget is earlier than 0:1.11.4-1.19.1

Definition Id: oval:org.mitre.oval:def:28443

Oval ID:	oval:org.mitre.oval:def:28443
Title:	SUSE-SU-2014:1464-1 -- Security update for wget (moderate)
Description:	wget was updated to fix one security issue. This security issue was fixed: - FTP symlink arbitrary filesystem access (CVE-2014-4877).
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1464-1 CVE-2014-4877	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 12	Product(s):	wget
Definition Synopsis:
SUSE Linux Enterprise Desktop 12 is installed Packages match section wget is earlier than 0:1.14-7.1 AND wget-debuginfo is earlier than 0:1.14-7.1 AND wget-debugsource is earlier than 0:1.14-7.1

Definition Id: oval:org.mitre.oval:def:28507

Oval ID:	oval:org.mitre.oval:def:28507
Title:	SUSE-SU-2014:1408-1 -- Security update for wget (important)
Description:	wget was updated to fix one security issue: * FTP symbolic link arbitrary filesystem access (CVE-2014-4877). Security Issues: * CVE-2014-4877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1408-1 CVE-2014-4877	Version:	3
Platform(s):	SUSE Linux Enterprise Server 10	Product(s):	wget
Definition Synopsis:
SUSE Linux Enterprise Server 10 is installed AND wget is earlier than 0:1.10.2-15.14.5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Wget cpe:2.3:a:gnu:wget:1.9.1:::::::* cpe:2.3:a:gnu:wget:1.9:::::::* cpe:2.3:a:gnu:wget:1.8.2:::::::* cpe:2.3:a:gnu:wget:1.8.1:::::::* cpe:2.3:a:gnu:wget:1.8:::::::* cpe:2.3:a:gnu:wget:1.7.1:::::::* cpe:2.3:a:gnu:wget:1.7:::::::* cpe:2.3:a:gnu:wget:1.6:::::::* cpe:2.3:a:gnu:wget:1.5.3:::::::* cpe:2.3:a:gnu:wget:1.14:::::::* cpe:2.3:a:gnu:wget:1.13.4:::::::* cpe:2.3:a:gnu:wget:1.13.3:::::::* cpe:2.3:a:gnu:wget:1.13.2:::::::* cpe:2.3:a:gnu:wget:1.13.1:::::::* cpe:2.3:a:gnu:wget:1.13:::::::* cpe:2.3:a:gnu:wget:1.12:::::::* cpe:2.3:a:gnu:wget:1.11.4:::::::* cpe:2.3:a:gnu:wget:1.11.3:::::::* cpe:2.3:a:gnu:wget:1.11.2:::::::* cpe:2.3:a:gnu:wget:1.11.1:::::::* cpe:2.3:a:gnu:wget:1.11:::::::* cpe:2.3:a:gnu:wget:1.10.2:::::::* cpe:2.3:a:gnu:wget:1.10.1:::::::* cpe:2.3:a:gnu:wget:1.10:::::::* cpe:2.3:a:gnu:wget::::::::	25

Snort® IPS/IDS

Date	Description
2014-12-04	WGet symlink arbitrary file write attempt RuleID : 32375 - Revision : 3 - Type : BROWSER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2015-05-27	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1366-2.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1464-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1408-1.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2015-121.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-82.nasl - Type : ACT_GATHER_INFO
2014-12-07	Name : The remote Fedora host is missing a security update. File : fedora_2014-15347.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1955.nasl - Type : ACT_GATHER_INFO
2014-12-02	Name : The remote Fedora host is missing a security update. File : fedora_2014-15405.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0036.nasl - Type : ACT_GATHER_INFO
2014-11-24	Name : The remote Fedora host is missing a security update. File : fedora_2014-15385.nasl - Type : ACT_GATHER_INFO
2014-11-17	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201411-05.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-637.nasl - Type : ACT_GATHER_INFO
2014-11-10	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ee7b4f9d66c811e49ae1e8e0b722a85e.nasl - Type : ACT_GATHER_INFO
2014-11-06	Name : The remote SuSE 11 host is missing a security update. File : suse_11_wget-141105.nasl - Type : ACT_GATHER_INFO
2014-11-06	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-442.nasl - Type : ACT_GATHER_INFO
2014-11-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141030_wget_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-11-04	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3062.nasl - Type : ACT_GATHER_INFO
2014-10-31	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2393-1.nasl - Type : ACT_GATHER_INFO
2014-10-31	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1764.nasl - Type : ACT_GATHER_INFO
2014-10-31	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2014-1764.nasl - Type : ACT_GATHER_INFO
2014-10-31	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2014-1764.nasl - Type : ACT_GATHER_INFO
2014-10-30	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-302-01.nasl - Type : ACT_GATHER_INFO
2014-10-30	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2014-212.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-10-31 13:23:59	Multiple Updates
2014-10-29 21:28:10	Multiple Updates
2014-10-29 17:27:07	Multiple Updates
2014-10-29 09:22:00	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	8
CPE ID(s)	25
Snort® Rule(s)	1
Nessus® Exploit(s)	23

	Related
9.3	CVE-2014-4877
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)