Detections
Analytics
CentOS 3 / 4 / 5 : wget (CESA-2009:1549)
medium Nessus Plugin ID 67069
Language:
Synopsis
The remote CentOS host is missing a security update.Description
An updated wget package that fixes a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5.This update has been rated as having moderate security impact by the Red Hat Security Response Team.
GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP.
Daniel Stenberg reported that Wget is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Wget into accepting it by mistake. (CVE-2009-3490)
Wget users should upgrade to this updated package, which contains a backported patch to correct this issue.
Solution
Update the affected wget package.See Also
http://www.nessus.org/u?5cd2ef30
http://www.nessus.org/u?fbb0bddb
http://www.nessus.org/u?c790cb2e
http://www.nessus.org/u?6a57fec9
Plugin Details
Severity: Medium
ID: 67069
File Name: centos_RHSA-2009-1549.nasl
Version: 1.10
Type: local
Agent: unix
Family: CentOS Local Security Checks
Published: 6/29/2013
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:centos:centos:3, cpe:/o:centos:centos:4, cpe:/o:centos:centos:5, p-cpe:/a:centos:centos:wget
Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 11/13/2009
Vulnerability Publication Date: 9/30/2009
Reference Information
CVE: CVE-2009-3490
BID: 36205