RHEL 2.1 : wget (RHSA-2003:372)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated wget packages that correct a buffer overrun are now available.

GNU Wget is a file-retrieval utility that uses the HTTP and FTP
protocols.

A buffer overflow in the url_filename function for wget 1.8.1 allows
attackers to cause a segmentation fault via a long URL. Red Hat does
not believe that this issue is exploitable to allow an attacker to be
able to run arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2002-1565 to this
issue.

Users of wget should install the erratum package, which contains a
backported security patch and is not vulnerable to this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-1565.html
http://rhn.redhat.com/errata/RHSA-2003-372.html

Solution :

Update the affected wget package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12436 ()

Bugtraq ID:

CVE ID: CVE-2002-1565