OracleVM 3.3 : wget (OVMSA-2014-0036)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The remote OracleVM host is missing a security update.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem
access (#1156133)

- Fix the parsing of weblink when doing recursive
retrieving (#960137)

- Fix errors found by static analysis of source code

- Add SNI (Server Name Indication) support (#909604)

- Add --trust-server-names option to fix CVE-2010-2252

- Fix wget to recognize certificates with alternative
names (#736445)

See also :

Solution :

Update the affected wget package.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79551 ()

Bugtraq ID: 70751

CVE ID: CVE-2010-2252

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now