Ubuntu Local Security Checks : Ubuntu Update for wget USN-2393-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.842019

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for wget USN-2393-1

Resumen: The remote host is missing an update for the 'wget'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'wget'
package(s) announced via the referenced advisory.

Vulnerability Insight:
HD Moore discovered that Wget contained a
path traversal vulnerability when downloading symlinks using FTP. A malicious
remote FTP server or a man in the middle could use this issue to cause Wget to
overwrite arbitrary files, possibly leading to arbitrary code execution.

Affected Software/OS:
wget on Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS,
Ubuntu 10.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-4877
BugTraq ID: 70751
http://www.securityfocus.com/bid/70751
CERT/CC vulnerability note: VU#685996
http://www.kb.cert.org/vuls/id/685996
Debian Security Information: DSA-3062 (Google Search)
http://www.debian.org/security/2014/dsa-3062
http://security.gentoo.org/glsa/glsa-201411-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2015:121
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
https://github.com/rapid7/metasploit-framework/pull/4088
http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html
RedHat Security Advisories: RHSA-2014:1764
http://rhn.redhat.com/errata/RHSA-2014-1764.html
RedHat Security Advisories: RHSA-2014:1955
http://rhn.redhat.com/errata/RHSA-2014-1955.html
SuSE Security Announcement: SUSE-SU-2014:1366 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
SuSE Security Announcement: SUSE-SU-2014:1408 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
SuSE Security Announcement: openSUSE-SU-2014:1380 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
http://www.ubuntu.com/usn/USN-2393-1

Copyright Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.842019
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for wget USN-2393-1
Resumen:	The remote host is missing an update for the 'wget'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'wget' package(s) announced via the referenced advisory. Vulnerability Insight: HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution. Affected Software/OS: wget on Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4877 BugTraq ID: 70751 http://www.securityfocus.com/bid/70751 CERT/CC vulnerability note: VU#685996 http://www.kb.cert.org/vuls/id/685996 Debian Security Information: DSA-3062 (Google Search) http://www.debian.org/security/2014/dsa-3062 http://security.gentoo.org/glsa/glsa-201411-05.xml http://www.mandriva.com/security/advisories?name=MDVSA-2015:121 https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access https://github.com/rapid7/metasploit-framework/pull/4088 http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html RedHat Security Advisories: RHSA-2014:1764 http://rhn.redhat.com/errata/RHSA-2014-1764.html RedHat Security Advisories: RHSA-2014:1955 http://rhn.redhat.com/errata/RHSA-2014-1955.html SuSE Security Announcement: SUSE-SU-2014:1366 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html SuSE Security Announcement: SUSE-SU-2014:1408 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html SuSE Security Announcement: openSUSE-SU-2014:1380 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html http://www.ubuntu.com/usn/USN-2393-1
Copyright	Copyright (C) 2014 Greenbone Networks GmbH