oval:org.mitre.oval:def:13580

Definition Id: oval:org.mitre.oval:def:13580

Oval ID:	oval:org.mitre.oval:def:13580
Title:	DSA-1904-1 wget -- insufficient input validation
Description:	Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using http and ftp, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field. For the oldstable distribution, this problem has been fixed in version 1.10.2-2+etch1. For the stable distribution, this problem has been fixed in version 1.11.4-2+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.12-1. We recommend that you upgrade your wget packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1904-1 CVE-2009-3490	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	wget
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND wget DPKG is earlier than 1.11.4-2+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND wget DPKG is earlier than 1.10.2-2+etch1

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:13580

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:13580

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0324s

Facebook rss twitter linkedin mail