Detections
Analytics
GNU WGet < 1.10.2 Buffer Overflow
medium Nessus Network Monitor Plugin ID 3255
Synopsis
The remote host is vulnerable to a buffer overflow.Description
The remote host is using a version of wget that contains a flaw in the way that it handles NTLM authentication data. Specifically, a rogue website that returns malformed data during an NTLM authentication session will be able to execute arbitrary code on the local client machine.Solution
Upgrade to version 1.10.2 or higher.Plugin Details
Severity: Medium
ID: 3255
Family: Web Clients
Published: 10/14/2005
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: Medium
Base Score: 4.4
Temporal Score: 3.3
Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 4.3
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:gnu:wget
Reference Information
CVE: CVE-2005-2337, CVE-2005-2628, CVE-2005-3185, CVE-2005-4077, CVE-2006-0024, CVE-2006-1439, CVE-2006-1440, CVE-2006-1441, CVE-2006-1442, CVE-2006-1443, CVE-2006-1444, CVE-2006-1445, CVE-2006-1446, CVE-2006-1447, CVE-2006-1448, CVE-2006-1449, CVE-2006-1450, CVE-2006-1451, CVE-2006-1452, CVE-2006-1453, CVE-2006-1454, CVE-2006-1455, CVE-2006-1456, CVE-2006-1457, CVE-2006-1552, CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, CVE-2006-1982, CVE-2006-1983, CVE-2006-1984, CVE-2006-1985