RHEL 2.1 : wget (RHSA-2003:372)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated wget packages that correct a buffer overrun are now available.

GNU Wget is a file-retrieval utility that uses the HTTP and FTP

A buffer overflow in the url_filename function for wget 1.8.1 allows
attackers to cause a segmentation fault via a long URL. Red Hat does
not believe that this issue is exploitable to allow an attacker to be
able to run arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2002-1565 to this

Users of wget should install the erratum package, which contains a
backported security patch and is not vulnerable to this issue.

See also :


Solution :

Update the affected wget package.

Risk factor :

High / CVSS Base Score : 7.5

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12436 ()

Bugtraq ID:

CVE ID: CVE-2002-1565