OracleVM 3.3 : wget (OVMSA-2014-0036)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing a security update.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem
access (#1156133)

- Fix the parsing of weblink when doing recursive
retrieving (#960137)

- Fix errors found by static analysis of source code
(#873216)

- Add SNI (Server Name Indication) support (#909604)

- Add --trust-server-names option to fix CVE-2010-2252
(#1062190)

- Fix wget to recognize certificates with alternative
names (#736445)

See also :

http://www.nessus.org/u?4a15552a

Solution :

Update the affected wget package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79551 ()

Bugtraq ID: 70751

CVE ID: CVE-2010-2252
CVE-2014-4877

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now