Ubuntu Local Security Checks : Ubuntu Update for wget USN-3464-1

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.843351

Kategorie: Ubuntu Local Security Checks

Titel: Ubuntu Update for wget USN-3464-1

Zusammenfassung: The remote host is missing an update for the 'wget'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'wget'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Antti Levomki, Christian Jalio, and Joonas
Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A
remote attacker could use this issue to cause Wget to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2017-13089,
CVE-2017-13090) Dawid Golunski discovered that Wget incorrectly handled
recursive or mirroring mode. A remote attacker could possibly use this issue to
bypass intended access list restrictions. (CVE-2016-7098) Orange Tsai discovered
that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker
could possibly use this issue to inject arbitrary HTTP headers.
(CVE-2017-6508)

Affected Software/OS:
wget on Ubuntu 17.04,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-7098
BugTraq ID: 93157
http://www.securityfocus.com/bid/93157
https://www.exploit-db.com/exploits/40824/
http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html
http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00031.html
http://www.openwall.com/lists/oss-security/2016/08/27/2
SuSE Security Announcement: openSUSE-SU-2016:2284 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html
SuSE Security Announcement: openSUSE-SU-2017:0015 (Google Search)
http://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-6508
BugTraq ID: 96877
http://www.securityfocus.com/bid/96877
https://security.gentoo.org/glsa/201706-16
http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.843351
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for wget USN-3464-1
Zusammenfassung:	The remote host is missing an update for the 'wget'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'wget' package(s) announced via the referenced advisory. Vulnerability Insight: Antti Levomki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090) Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098) Orange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2017-6508) Affected Software/OS: wget on Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7098 BugTraq ID: 93157 http://www.securityfocus.com/bid/93157 https://www.exploit-db.com/exploits/40824/ http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html https://lists.debian.org/debian-lts-announce/2020/01/msg00031.html http://www.openwall.com/lists/oss-security/2016/08/27/2 SuSE Security Announcement: openSUSE-SU-2016:2284 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html SuSE Security Announcement: openSUSE-SU-2017:0015 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2017-6508 BugTraq ID: 96877 http://www.securityfocus.com/bid/96877 https://security.gentoo.org/glsa/201706-16 http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
Copyright	Copyright (C) 2017 Greenbone Networks GmbH