Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2009-11739.NASL
HistoryDec 03, 2009 - 12:00 a.m.

Fedora 10 : wget-1.12-2.fc10 (2009-11739)

2009-12-0300:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2009-11739.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(42986);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2009-3490");
  script_bugtraq_id(36205);
  script_xref(name:"FEDORA", value:"2009-11739");

  script_name(english:"Fedora 10 : wget-1.12-2.fc10 (2009-11739)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Wed Nov 18 2009 Karsten Hopp <karsten at redhat.com>
    1.12-2

    - don't provide /usr/share/info/dir

    - Tue Nov 17 2009 Karsten Hopp <karsten at redhat.com>
      1.12-1

    - update to wget-1.12

    - fixes CVE-2009-3490 wget: incorrect verification of
      SSL certificate with NUL in name

  - Fri Aug 21 2009 Tomas Mraz <tmraz at redhat.com> -
    1.11.4-5

    - rebuilt with new openssl

    - Mon Jul 27 2009 Fedora Release Engineering <rel-eng at
      lists.fedoraproject.org> - 1.11.4-4

    - Rebuilt for
      https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

    - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at
      lists.fedoraproject.org> - 1.11.4-3

    - Rebuilt for
      https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

    - Sun Jan 18 2009 Tomas Mraz <tmraz at redhat.com>
      1.11.4-2

    - rebuild with new openssl

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=520454"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032090.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4a700d8a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected wget package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wget");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC10", reference:"wget-1.12-2.fc10")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wget");
}
VendorProductVersionCPE
fedoraprojectfedorawgetp-cpe:/a:fedoraproject:fedora:wget
fedoraprojectfedora10cpe:/o:fedoraproject:fedora:10

Related

nessus 20
securityvulns 2
fedora 3
openvas 25
centos 1
oraclelinux 1
gentoo 1
redhat 2
debian 1
veracode 1
seebug 1
ubuntu 1
prion 1
cvelist 1
debiancve 1
ubuntucve 1
cve 1
nessus
nessus
Solaris 10 (x86) : 125216-07 (deprecated)
2009-12-02 00:00:00
Solaris 10 (sparc) : 125215-07
2018-03-12 00:00:00
Fedora 12 : wget-1.12-2.fc12 (2009-11836)
2009-12-03 00:00:00
securityvulns
securityvulns
wget certificate spoofing
2009-10-07 00:00:00
[USN-842-1] Wget vulnerability
2009-10-07 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: wget-1.12-2.fc10
2009-12-03 05:12:11
[SECURITY] Fedora 11 Update: wget-1.12-2.fc11
2009-12-03 04:56:35
[SECURITY] Fedora 12 Update: wget-1.12-2.fc12
2009-12-03 04:56:18
openvas
openvas
Fedora Core 10 FEDORA-2009-11739 (wget)
2009-12-10 00:00:00
CentOS Update for wget CESA-2009:1549 centos3 i386
2011-08-09 00:00:00
CentOS Update for wget CESA-2009:1549 centos4 i386
2011-08-09 00:00:00
centos
centos
wget security update
2009-11-03 21:48:02
oraclelinux
oraclelinux
wget security update
2009-11-03 00:00:00
gentoo
gentoo
Wget: Certificate validation error
2009-10-20 00:00:00
redhat
redhat
(RHSA-2009:1549) Moderate: wget security update
2009-11-03 00:00:00
(RHSA-2009:1692) Important: rhev-hypervisor security and bug fix update
2009-12-23 00:00:00
debian
debian
[SECURITY] [DSA 1904-1] New wget packages fix SSL certificate verification weakness
2009-10-09 11:32:06
veracode
veracode
Spoofing Attack
2020-04-10 00:42:35
seebug
seebug
Wget CA SSL畸归证书ιͺŒθ―ζΌζ΄ž
2009-11-05 00:00:00
ubuntu
ubuntu
Wget vulnerability
2009-10-06 00:00:00
prion
prion
Design/Logic Flaw
2009-09-30 15:30:00
cvelist
cvelist
CVE-2009-3490
2009-09-30 15:00:00
debiancve
debiancve
CVE-2009-3490
2009-09-30 15:30:00
ubuntucve
ubuntucve
CVE-2009-3490
2009-09-30 00:00:00
cve
cve
CVE-2009-3490
2009-09-30 15:30:00
JSON
Related for FEDORA_2009-11739.NASL
nessus20securityvulns2fedora3openvas25centos1oraclelinux1gentoo1redhat2debian1veracode1seebug1ubuntu1prion1cvelist1debiancve1ubuntucve1cve1