Test ID: 1.3.6.1.4.1.25623.1.1.2.2019.1417
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1417)
Summary: The remote host is missing an update for the Huawei EulerOS 'wget' package(s) announced via the EulerOS-SA-2019-1417 advisory.
Description:

Vulnerability Insight:
A stack-based buffer overflow when processing chunked-encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13089)

A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable by the user running Wget, possibly leading to code execution. (CVE-2014-4877)

A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains. (CVE-2018-0494)

It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to an FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971)

A heap-based buffer overflow when processing chunked-encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13090)

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. (CVE-2016-7098)

Affected Software/OS:
'wget' package(s) on Huawei EulerOS Virtualization 3.0.1.0.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross References:
Common Vulnerability Exposure (CVE) ID: CVE-2014-4877
BugTraq ID: 70751
http://www.securityfocus.com/bid/70751
CERT/CC vulnerability note: VU#685996
http://www.kb.cert.org/vuls/id/685996
Debian Security Information: DSA-3062
http://www.debian.org/security/2014/dsa-3062
http://security.gentoo.org/glsa/glsa-201411-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2015:121
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
https://github.com/rapid7/metasploit-framework/pull/4088
http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html
RedHat Security Advisories: RHSA-2014:1764
http://rhn.redhat.com/errata/RHSA-2014-1764.html
RedHat Security Advisories: RHSA-2014:1955
http://rhn.redhat.com/errata/RHSA-2014-1955.html
SuSE Security Announcement: SUSE-SU-2014:1366
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
SuSE Security Announcement: SUSE-SU-2014:1408
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
SuSE Security Announcement: openSUSE-SU-2014:1380
http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
http://www.ubuntu.com/usn/USN-2393-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-4971
BugTraq ID: 91530
http://www.securityfocus.com/bid/91530
https://www.exploit-db.com/exploits/40064/
https://security.gentoo.org/glsa/201610-11
http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html
http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
RedHat Security Advisories: RHSA-2016:2587
http://rhn.redhat.com/errata/RHSA-2016-2587.html
http://www.securitytracker.com/id/1036133
SuSE Security Announcement: openSUSE-SU-2016:2027
http://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html
http://www.ubuntu.com/usn/USN-3012-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-7098
BugTraq ID: 93157
http://www.securityfocus.com/bid/93157
https://www.exploit-db.com/exploits/40824/
http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html
http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00031.html
http://www.openwall.com/lists/oss-security/2016/08/27/2
SuSE Security Announcement: openSUSE-SU-2016:2284
http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html
SuSE Security Announcement: openSUSE-SU-2017:0015
http://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-0494
BugTraq ID: 104129
http://www.securityfocus.com/bid/104129
Debian Security Information: DSA-4195
https://www.debian.org/security/2018/dsa-4195
https://www.exploit-db.com/exploits/44601/
https://security.gentoo.org/glsa/201806-01
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
https://savannah.gnu.org/bugs/?53763
https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
https://lists.debian.org/debian-lts-announce/2018/05/msg00006.html
RedHat Security Advisories: RHSA-2018:3052
https://access.redhat.com/errata/RHSA-2018:3052
http://www.securitytracker.com/id/1040838
https://usn.ubuntu.com/3643-1/
https://usn.ubuntu.com/3643-2/
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.