RHEL 4 : wget (RHSA-2005:771)

critical Nessus Plugin ID 19833

Synopsis

The remote Red Hat host is missing one or more security updates for wget.

Description

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2005:771 advisory.

GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols.

A bug was found in the way wget writes files to the local disk. If a malicious local user has write access to the directory wget is saving a file into, it is possible to overwrite files that the user running wget has write access to. (CAN-2004-2014)

A bug was found in the way wget filters redirection URLs. It is possible for a malicious Web server to overwrite files the user running wget has write access to. Note: in order for this attack to succeed the local DNS would need to resolve .. to an IP address, which is an unlikely situation. (CAN-2004-1487)

A bug was found in the way wget displays HTTP response codes. It is possible that a malicious web server could inject a specially crafted terminal escape sequence capable of misleading the user running wget.
(CAN-2004-1488)

Users should upgrade to this updated package, which contains a version of wget that is not vulnerable to these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL wget package based on the guidance in RHSA-2005:771.

See Also

http://www.nessus.org/u?551c31da

https://access.redhat.com/security/updates/classification/#low

https://bugzilla.redhat.com/show_bug.cgi?id=144214

https://bugzilla.redhat.com/show_bug.cgi?id=157498

https://bugzilla.redhat.com/show_bug.cgi?id=165782

https://access.redhat.com/errata/RHSA-2005:771

Plugin Details

Severity: Critical

ID: 19833

File Name: redhat-RHSA-2005-771.nasl

Version: 1.26

Type: local

Agent: unix

Published: 10/5/2005

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2004-1488

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:wget, cpe:/o:redhat:enterprise_linux:3, cpe:/o:redhat:enterprise_linux:4

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/27/2005

Vulnerability Publication Date: 12/31/2004

Reference Information

CVE: CVE-2004-1487, CVE-2004-1488, CVE-2004-2014

BID: 11871

RHSA: 2005:771