FreeBSD : wget -- multiple vulnerabilities (06f142ff-4df3-11d9-a9e7-0001020eed82)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Jan Minar reports that there exist multiple vulnerabilities in wget :

Wget erroneously thinks that the current directory is fair game, and
will happily write to any file in and below it. A malicious HTTP
response or malicious HTML file can redirect wget to a file that is
vital to the system, and wget will create/append/overwrite it.

Wget apparently has at least two methods of "sanitizing" the
potentially malicious data it receives from the HTTP stream, therefore
malicious redirects can pass the check. We haven't found a way to
trick wget into writing above the parent directory, which doesn't mean
it's not possible.

A malicious HTTP response can overwrite parts of the terminal so that
the user will not notice anything wrong, or will believe the error was
not fatal.

See also :

http://marc.info/?l=bugtraq&m=110269474112384
http://bugs.debian.org/261755
http://www.nessus.org/u?4ee1c409

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18831 (freebsd_pkg_06f142ff4df311d9a9e70001020eed82.nasl)

Bugtraq ID: 11871

CVE ID: CVE-2004-1487, CVE-2004-1488
