This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Jan Minar reports that there exists multiple vulnerabilities in wget :
Wget erroneously thinks that the current directory is a fair game, and
will happily write in any file in and below it. Malicious HTTP
response or malicious HTML file can redirect wget to a file that is
vital to the system, and wget will create/append/overwrite it.
Wget apparently has at least two methods of ``sanitizing'' the
potentially malicious data it receives from the HTTP stream, therefore
a malicious redirects can pass the check. We haven't find a way to
trick wget into writing above the parent directory, which doesn't mean
it's not possible.
Malicious HTTP response can overwrite parts of the terminal so that
the user will not notice anything wrong, or will believe the error was
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 18831 (freebsd_pkg_06f142ff4df311d9a9e70001020eed82.nasl)
Bugtraq ID: 11871
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now