An update for wget is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.
Security Fix(es) :
Red Hat would like to thank the GNU Wget project for reporting these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:3075 and
# CentOS Errata and Security Advisory 2017:3075 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(104218);
script_version("3.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2017-13089", "CVE-2017-13090");
script_xref(name:"RHSA", value:"2017:3075");
script_name(english:"CentOS 7 : wget (CESA-2017:3075)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An update for wget is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The wget packages provide the GNU Wget file retrieval utility for
HTTP, HTTPS, and FTP protocols.
Security Fix(es) :
* A stack-based and a heap-based buffer overflow flaws were found in
wget when processing chunked encoded HTTP responses. By tricking an
unsuspecting user into connecting to a malicious HTTP server, an
attacker could exploit these flaws to potentially execute arbitrary
code. (CVE-2017-13089, CVE-2017-13090)
Red Hat would like to thank the GNU Wget project for reporting these
issues."
);
# https://lists.centos.org/pipermail/centos-announce/2017-October/022609.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?cdad3d4f"
);
script_set_attribute(attribute:"solution", value:"Update the affected wget package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-13089");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wget");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/27");
script_set_attribute(attribute:"patch_publication_date", value:"2017/10/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"wget-1.14-15.el7_4.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wget");
}