ID FEDORA_2017-F0B3231763.NASL Type nessus Reporter Tenable Modified 2018-02-02T00:00:00
Description
new upstream release with CVE fixes
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.
#
include("compat.inc");
# Registration pass: when `description` is set, only the plugin metadata below
# is recorded and the script exits (exit(0)) before any host check runs.
if (description)
{
  # Plugin identity and revision stamps.
  script_id(104452);
  script_version("$Revision: 3.3 $");
  script_cvs_date("$Date: 2018/02/02 14:59:06 $");

  # Identifiers this check is tied to: the two wget CVEs and the Fedora advisory.
  script_cve_id("CVE-2017-13089", "CVE-2017-13090");
  script_xref(name:"FEDORA", value:"2017-f0b3231763");

  script_name(english:"Fedora 26 : wget (2017-f0b3231763)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");

  # The description is one multi-line string literal: its continuation lines
  # are part of the value, so they stay unindented.
  script_set_attribute(attribute:"description", value:"new upstream release with CVE fixes
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");

  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763");
  script_set_attribute(attribute:"solution", value:"Update the affected wget package.");

  # Both vectors score a network-reachable issue with full C/I/A impact.
  # The v3 vector additionally records that user interaction is required
  # (UI:R), which matters when prioritising hosts that run wget unattended
  # versus interactively.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  # "local": the summary above says the check works from rpm output rather
  # than probing a service, so it needs package data gathered from the host.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Affected package and platform (Fedora 26 wget).
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wget");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # Depends on ssh_get_info.nasl and on the three KB keys that the check part
  # of this script reads (local checks flag, release string, rpm list).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check: decide from KB data whether the Fedora 26 wget package is older
# than the fixed build. audit() comes from audit.inc (not shown here);
# presumably it reports the reason and ends the script -- confirm there.

# Precondition: local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must be present and contain "Fedora"
# (`>!<` is true when the left string is NOT a substring of the right one).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
  audit(AUDIT_OS_NOT, "Fedora");

# Pull out the numeric release and accept only 26 (not 260, 261, ...).
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver))
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^26([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);

# Without the collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386..i686 hosts are handled.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed wget is older than the reference build -- confirm there.
# NOTE(review): the verdict rests on the RPM package list only, so a wget
# binary installed outside RPM would not be assessed -- confirm coverage.
flag = 0;
if (rpm_check(release:"FC26", reference:"wget-1.19.2-1.fc26"))
  flag++;

if (!flag)
{
  # Nothing flagged: report "not affected" if packages were tested,
  # otherwise report that wget is not installed.
  tested = pkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "wget");
}
else
{
  # Outdated package found: raise the finding with the rpm comparison report.
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
{"id": "FEDORA_2017-F0B3231763.NASL", "bulletinFamily": "scanner", "title": "Fedora 26 : wget (2017-f0b3231763)", "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-11-08T00:00:00", "modified": "2018-02-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "reporter": "Tenable", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "type": "nessus", "lastseen": "2018-02-04T11:06:06", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "86f56f3d7a8c641f9dae2253cfd0a87f19f3886de388efef9518692a7c099a28", "hashmap": [{"hash": "ada99a85a22bbcb4af166b40440e0a4c", "key": "references"}, {"hash": "322e058cd57621c922ef4e690d6456c0", "key": "sourceData"}, {"hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7f9bdd2b409c9bc14cc0b2cca6553247", "key": "pluginID"}, {"hash": "a0e9f1cac5ee28958e21cdbbfc6ea938", "key": "description"}, {"hash": "c09912b70625e497f66d769f2bb6ba80", "key": "href"}, {"hash": 
"8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "d20ef5c4d89f5885abcc7f2eab461c9c", "key": "cvelist"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "modified"}, {"hash": "c5813c86deb437665ba4de345462cb8b", "key": "title"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "id": "FEDORA_2017-F0B3231763.NASL", "lastseen": "2017-11-08T22:44:57", "modified": "2017-11-08T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "104452", "published": "2017-11-08T00:00:00", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/11/08 14:53:53 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without 
introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "title": "Fedora 26 : wget (2017-f0b3231763)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2017-11-08T22:44:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {}, "hash": "a3fe9f3b86d162fe3234f4acd6e60446f931acca4b9d7f095aaf18b396f315d1", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "ada99a85a22bbcb4af166b40440e0a4c", "key": "references"}, {"hash": "322e058cd57621c922ef4e690d6456c0", "key": "sourceData"}, {"hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7f9bdd2b409c9bc14cc0b2cca6553247", "key": "pluginID"}, 
{"hash": "a0e9f1cac5ee28958e21cdbbfc6ea938", "key": "description"}, {"hash": "c09912b70625e497f66d769f2bb6ba80", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "d20ef5c4d89f5885abcc7f2eab461c9c", "key": "cvelist"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "modified"}, {"hash": "c5813c86deb437665ba4de345462cb8b", "key": "title"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "id": "FEDORA_2017-F0B3231763.NASL", "lastseen": "2017-11-18T12:43:56", "modified": "2017-11-08T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "104452", "published": "2017-11-08T00:00:00", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/11/08 14:53:53 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable 
has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "title": "Fedora 26 : wget (2017-f0b3231763)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-11-18T12:43:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"modified": "2017-11-21T07:28:51", "value": 9.3}}, "hash": "f53d30a7bb7b8aa43f47d4dfdc1a9398a94fb05a25763412872ac6f6ef58eb75", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "ada99a85a22bbcb4af166b40440e0a4c", "key": "references"}, {"hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7f9bdd2b409c9bc14cc0b2cca6553247", "key": 
"pluginID"}, {"hash": "a0e9f1cac5ee28958e21cdbbfc6ea938", "key": "description"}, {"hash": "c09912b70625e497f66d769f2bb6ba80", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8dc818ca4840378d6f8a5ca15bb151b9", "key": "modified"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "d20ef5c4d89f5885abcc7f2eab461c9c", "key": "cvelist"}, {"hash": "c5813c86deb437665ba4de345462cb8b", "key": "title"}, {"hash": "d537e39ea91b5b48b24279552984fef0", "key": "sourceData"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "id": "FEDORA_2017-F0B3231763.NASL", "lastseen": "2017-11-21T07:28:51", "modified": "2017-11-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "104452", "published": "2017-11-08T00:00:00", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2017/11/20 17:24:42 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "title": "Fedora 26 : wget (2017-f0b3231763)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-11-21T07:28:51"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb"}, {"key": "cvelist", "hash": "d20ef5c4d89f5885abcc7f2eab461c9c"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "a0e9f1cac5ee28958e21cdbbfc6ea938"}, {"key": "href", "hash": "c09912b70625e497f66d769f2bb6ba80"}, {"key": "modified", "hash": "e5ea4e133fdd22d0dad25dd00662de7f"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "7f9bdd2b409c9bc14cc0b2cca6553247"}, {"key": "published", "hash": "3dac0ffc80a5d37a95ccdf97e777628f"}, {"key": "references", "hash": "ada99a85a22bbcb4af166b40440e0a4c"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "0c49659962d34669cce2ef13d33180d4"}, {"key": "title", "hash": "c5813c86deb437665ba4de345462cb8b"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": 
"5ac666295948bc464a281d1c9724a1f41f533a151af80e2abddfa2fa4a6cd6fd", "viewCount": 1, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2018/02/02 14:59:06 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "104452", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"]}
{"result": {"cve": [{"id": "CVE-2017-13089", "type": "cve", "title": "CVE-2017-13089", "description": "The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.", "published": "2017-10-27T15:29:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13089", "cvelist": ["CVE-2017-13089"], "lastseen": "2017-12-30T11:50:05"}, {"id": "CVE-2017-13090", "type": "cve", "title": "CVE-2017-13090", "description": "The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. 
The attacker can corrupt malloc metadata after the allocated buffer.", "published": "2017-10-27T15:29:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13090", "cvelist": ["CVE-2017-13090"], "lastseen": "2017-12-30T11:50:05"}], "f5": [{"id": "F5:K46552732", "type": "f5", "title": "Wget vulnerability CVE-2017-13089", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | CVSSv3 score | Vulnerable component or feature \n---|---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None | None \nBIG-IP GTM | None | 11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not 
vulnerable | None | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None | None \nF5 WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.2 | Not vulnerable | None | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2017-11-29T21:12:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K46552732", "cvelist": ["CVE-2017-13089"], "lastseen": "2018-02-08T02:55:37"}, {"id": "F5:K13288506", "type": "f5", "title": "Wget vulnerability CVE-2017-13090", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected 
by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | CVSSv3 score | Vulnerable component or feature \n---|---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None | None \nBIG-IP GTM | None | 11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None | None \nF5 WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.2 | Not vulnerable | None | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None | 
None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2017-11-29T19:09:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K13288506", "cvelist": ["CVE-2017-13090"], "lastseen": "2017-11-29T23:03:49"}], "seebug": [{"id": "SSV:96839", "type": "seebug", "title": "wget HTTP integer overflow(CVE-2017-13089)", "description": "That\u2019s an interesting vulnerability in GNU wget. According to the wget project, this was reported by Antti Levom\u00e4ki, Christian Jalio, Joonas Pihlaja of Forcepoint as well as Juhani Eronen of the Finnish National Cyber Security Centre. The vulnerability is in src/http.c source code file and more precisely in skip_short_body() function.\r\n\r\n```\r\n/* Read the body of the request, but don't store it anywhere and don't\r\n display a progress gauge. This is useful for reading the bodies of\r\n administrative responses to which we will soon issue another\r\n request. The response is not useful to the user, but reading it\r\n allows us to continue using the same connection to the server.\r\n \r\n If reading fails, false is returned, true otherwise. In debug\r\n mode, the body is displayed for debugging purposes. 
*/\r\n \r\nstatic bool\r\nskip_short_body (int fd, wgint contlen, bool chunked)\r\n{\r\n enum {\r\n SKIP_SIZE = 512, /* size of the download buffer */\r\n SKIP_THRESHOLD = 4096 /* the largest size we read */\r\n };\r\n wgint remaining_chunk_size = 0;\r\n ...\r\n return true;\r\n}\r\n```\r\n\r\nThe description in the comment is pretty clear but what we care about here is the \u201cremaining_chunk_size\u201d variable which has data type of \u201cwgint\u201d. This is a data type defined in src/wget.h header file based on the architecture and operating system.\r\n```\r\n/* Pick an integer type large enough for file sizes, content lengths,\r\n and such. Because today's files can be very large, it should be a\r\n signed integer at least 64 bits wide. This can't be typedeffed to\r\n off_t because: a) off_t is always 32-bit on Windows, and b) we\r\n don't necessarily want to tie having a 64-bit type for internal\r\n calculations to having LFS support. */\r\n \r\n#ifdef WINDOWS\r\n /* nothing to do, see mswindows.h */\r\n#elif SIZEOF_LONG >= 8\r\n /* long is large enough, so use it. */\r\n typedef long wgint;\r\n# define SIZEOF_WGINT SIZEOF_LONG\r\n#elif SIZEOF_LONG_LONG >= 8\r\n /* long long is large enough and available, use that */\r\n typedef long long wgint;\r\n# define SIZEOF_WGINT SIZEOF_LONG_LONG\r\n#elif HAVE_INT64_T\r\n typedef int64_t wgint;\r\n# define SIZEOF_WGINT 8\r\n#elif SIZEOF_OFF_T >= 8\r\n /* In case off_t is typedeffed to a large non-standard type that our\r\n tests don't find. */\r\n typedef off_t wgint;\r\n# define SIZEOF_WGINT SIZEOF_OFF_T\r\n#else\r\n /* Fall back to using long, which is always available and in most\r\n cases large enough. */\r\n typedef long wgint;\r\n# define SIZEOF_WGINT SIZEOF_LONG\r\n#endif\r\n```\r\n\r\nWhat is worth noting is all of the type definitions are using signed data types. This means that \u201cwgint\u201d variables can get both positive and negative values. 
Now that this is clear, let\u2019s move back to http.c and skip_short_body() function.\r\n```\r\nstatic bool\r\nskip_short_body (int fd, wgint contlen, bool chunked)\r\n{\r\n ...\r\n SKIP_SIZE = 512, /* size of the download buffer */\r\n ...\r\n wgint remaining_chunk_size = 0;\r\n char dlbuf[SKIP_SIZE + 1];\r\n ...\r\n while (contlen > 0 || chunked)\r\n {\r\n int ret;\r\n if (chunked)\r\n {\r\n if (remaining_chunk_size == 0)\r\n {\r\n char *line = fd_read_line (fd);\r\n char *endl;\r\n if (line == NULL)\r\n break;\r\n \r\n remaining_chunk_size = strtol (line, &endl, 16);\r\n xfree (line);\r\n ...\r\n contlen = MIN (remaining_chunk_size, SKIP_SIZE);\r\n ...\r\n ret = fd_read (fd, dlbuf, MIN (contlen, SKIP_SIZE), -1);\r\n ...\r\n}\r\n```\r\n\r\nSo, when wget processes chunked responses it will enter this \u201cwhile\u201d loop (content length greater than zero or the response is chunked). When the chunk size gets to 0, it will read the next line using fd_read_line() and then attempt to retrieve the remaining chunk size using strtol() in hexadecimal. This value is 100% controlled by the response header and it could be anything, including so large that it will wrap around this signed integer into a negative value. Then MIN() macro will be used to compare that value with SKIP_SIZE (which is 512) and use this to initialize \u201ccontlen\u201d signed integer. Note that MIN() only caps the value from above, so a negative result from strtol(), which parses a signed number, passes through it unchanged. If \u201cremaining_chunk_size\u201d had a negative value it means that this will now be stored in \u201ccontlen\u201d which is then used in fd_read() leading to a stack based buffer overflow as the attacker completely controls the size argument that is used to copy data from \u201cfd\u201d (the HTTP page) to \u201cdlbuf\u201d (stack based buffer with size of 513 bytes). 
The fix was relatively simple as you can see below.\r\n```\r\n remaining_chunk_size = strtol (line, &endl, 16);\r\n xfree (line);\r\n \r\n+ if (remaining_chunk_size < 0)\r\n+ return false;\r\n+\r\n if (remaining_chunk_size == 0)\r\n```\r\n\r\nThe fix was a simple bound check after the strtol() call to ensure that the value of \u201cremaining_chunk_size\u201d was not set to a negative value before continuing with the processing.", "published": "2017-11-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-96839", "cvelist": ["CVE-2017-13089"], "lastseen": "2017-11-19T12:04:37"}], "freebsd": [{"id": "09849E71-BB12-11E7-8357-3065EC6F3643", "type": "freebsd", "title": "wget -- Stack overflow in HTTP protocol handling", "description": "\nAntti Levom\u00e4ki, Christian Jalio, Joonas Pihlaja:\n\nWget contains two vulnerabilities, a stack overflow and a heap\n\t overflow, in the handling of HTTP chunked encoding. By convincing\n\t a user to download a specific link over HTTP, an attacker may be\n\t able to execute arbitrary code with the privileges of the user.\n\t \n\n", "published": "2017-10-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/09849e71-bb12-11e7-8357-3065ec6f3643.html", "cvelist": ["CVE-2017-13089"], "lastseen": "2017-11-18T12:32:51"}, {"id": "D77CEB8C-BB13-11E7-8357-3065EC6F3643", "type": "freebsd", "title": "wget -- Heap overflow in HTTP protocol handling", "description": "\nAntti Levom\u00e4ki, Christian Jalio, Joonas Pihlaja:\n\nWget contains two vulnerabilities, a stack overflow and a heap\n\t overflow, in the handling of HTTP chunked encoding. 
By convincing\n\t a user to download a specific link over HTTP, an attacker may be\n\t able to execute arbitrary code with the privileges of the user.\n\t \n\n", "published": "2017-10-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/d77ceb8c-bb13-11e7-8357-3065ec6f3643.html", "cvelist": ["CVE-2017-13090"], "lastseen": "2017-11-18T12:32:51"}], "zdt": [{"id": "1337DAY-ID-29067", "type": "zdt", "title": "Wget HTTP integer overflow Exploit", "description": "Exploit for linux platform in category dos / poc", "published": "2017-11-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/29067", "cvelist": ["CVE-2017-13089"], "lastseen": "2018-02-17T21:27:51"}], "nessus": [{"id": "FREEBSD_PKG_09849E71BB1211E783573065EC6F3643.NASL", "type": "nessus", "title": "FreeBSD : wget -- Stack overflow in HTTP protocol handling (09849e71-bb12-11e7-8357-3065ec6f3643)", "description": "Antti Levomaki, Christian Jalio, Joonas Pihlaja :\n\nWget contains two vulnerabilities, a stack overflow and a heap overflow, in the handling of HTTP chunked encoding. By convincing a user to download a specific link over HTTP, an attacker may be able to execute arbitrary code with the privileges of the user.", "published": "2017-10-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104226", "cvelist": ["CVE-2017-13089"], "lastseen": "2018-02-01T02:54:28"}, {"id": "CENTOS_RHSA-2017-3075.NASL", "type": "nessus", "title": "CentOS 7 : wget (CESA-2017:3075)", "description": "An update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es) :\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.", "published": "2017-10-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104218", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-01-26T13:01:37"}, {"id": "FEDORA_2017-DE8A421DCD.NASL", "type": "nessus", "title": "Fedora 25 : wget (2017-de8a421dcd)", "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-11-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104609", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-02-04T11:08:51"}, {"id": "ALA_ALAS-2017-916.NASL", "type": "nessus", "title": "Amazon Linux AMI : wget (ALAS-2017-916)", "description": "Heap-based buffer overflow in HTTP protocol handling\n\nA heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. 
By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13090)\n\nStack-based buffer overflow in HTTP protocol handling\n\nA stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. (CVE-2017-13089)", "published": "2017-10-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104182", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-04-19T07:45:41"}, {"id": "ORACLELINUX_ELSA-2017-3075.NASL", "type": "nessus", "title": "Oracle Linux 7 : wget (ELSA-2017-3075)", "description": "From Red Hat Security Advisory 2017:3075 :\n\nAn update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es) :\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. 
(CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.", "published": "2017-10-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104200", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-02-02T05:33:55"}, {"id": "SL_20171026_WGET_ON_SL7_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : wget on SL7.x x86_64", "description": "Security Fix(es) :\n\n - A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)", "published": "2017-10-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104207", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-01-27T02:59:50"}, {"id": "REDHAT-RHSA-2017-3075.NASL", "type": "nessus", "title": "RHEL 7 : wget (RHSA-2017:3075)", "description": "An update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es) :\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. 
By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.", "published": "2017-10-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104205", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-01-26T13:00:31"}, {"id": "DEBIAN_DLA-1149.NASL", "type": "nessus", "title": "Debian DLA-1149-1 : wget security update", "description": "CVE-2017-13089 Fix stack overflow in HTTP protocol handling.\n\nCVE-2017-13090 Fix heap overflow in HTTP protocol handling.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.13.4-3+deb7u5.\n\nWe recommend that you upgrade your wget packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-10-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104221", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-01-30T01:10:07"}, {"id": "SLACKWARE_SSA_2017-300-02.NASL", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : wget (SSA:2017-300-02)", "description": "New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.", "published": "2017-10-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104216", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-01-27T03:03:58"}, {"id": "SUSE_SU-2017-2871-2.NASL", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2017:2871-2)", "description": "This update for wget fixes the following security issues :\n\n - CVE-2017-13089,CVE-2017-13090: Missing checks for negative remaining_chunk_size in skip_short_body and fd_read_body could cause stack-based buffer overflows, which could have been exploited by malicious servers.\n (bsc#1064715,bsc#1064716)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-11-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104650", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-02-01T02:53:32"}], "amazon": [{"id": "ALAS-2017-916", "type": "amazon", "title": "Important: wget", "description": "**Issue Overview:**\n\nHeap-based buffer overflow in HTTP protocol handling \nA heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. ([CVE-2017-13090 __](<https://access.redhat.com/security/cve/CVE-2017-13090>))\n\nStack-based buffer overflow in HTTP protocol handling \nA stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. ([CVE-2017-13089 __](<https://access.redhat.com/security/cve/CVE-2017-13089>))\n\n \n**Affected Packages:** \n\n\nwget\n\n \n**Issue Correction:** \nRun _yum update wget_ to update your system. 
\n\n\n \n**New Packages:**\n \n \n i686: \n wget-debuginfo-1.18-3.28.amzn1.i686 \n wget-1.18-3.28.amzn1.i686 \n \n src: \n wget-1.18-3.28.amzn1.src \n \n x86_64: \n wget-1.18-3.28.amzn1.x86_64 \n wget-debuginfo-1.18-3.28.amzn1.x86_64 \n \n \n", "published": "2017-10-26T19:41:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://alas.aws.amazon.com/ALAS-2017-916.html", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-10-27T02:53:36"}], "oraclelinux": [{"id": "ELSA-2017-3075", "type": "oraclelinux", "title": "wget security update", "description": "[1.14-15.1]\n- Fixed various security flaws (CVE-2017-13089, CVE-2017-13090)", "published": "2017-10-26T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3075.html", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-11-18T12:35:32"}], "openvas": [{"id": "OPENVAS:1361412562310873772", "type": "openvas", "title": "Fedora Update for wget FEDORA-2017-de8a421dcd", "description": "Check the version of wget", "published": "2017-11-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873772", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-12-04T11:32:00"}, {"id": "OPENVAS:1361412562310873726", "type": "openvas", "title": "Fedora Update for wget FEDORA-2017-10fbce01ec", "description": "Check the version of wget", "published": "2017-11-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873726", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-12-04T11:32:01"}, {"id": "OPENVAS:1361412562310891149", "type": "openvas", "title": "Debian LTS Advisory ([SECURITY] [DLA 1149-1] wget security update)", 
"description": "CVE-2017-13089\nFix stack overflow in HTTP protocol handling.\n\nCVE-2017-13090\nFix heap overflow in HTTP protocol handling.", "published": "2018-02-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891149", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-03-29T18:47:57"}, {"id": "OPENVAS:1361412562310704008", "type": "openvas", "title": "Debian Security Advisory DSA 4008-1 (wget - security update)", "description": "Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen\ndiscovered two buffer overflows in the HTTP protocol handler of the Wget\ndownload tool, which could result in the execution of arbitrary code\nwhen connecting to a malicious HTTP server.", "published": "2017-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704008", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-11-24T15:18:47"}, {"id": "OPENVAS:1361412562310812056", "type": "openvas", "title": "RedHat Update for wget RHSA-2017:3075-01", "description": "Check the version of wget", "published": "2017-10-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812056", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-11-24T15:18:48"}, {"id": "OPENVAS:1361412562310873582", "type": "openvas", "title": "Fedora Update for wget FEDORA-2017-f0b3231763", "description": "Check the version of wget", "published": "2017-11-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873582", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], 
"lastseen": "2017-11-24T15:18:47"}, {"id": "OPENVAS:1361412562310882793", "type": "openvas", "title": "CentOS Update for wget CESA-2017:3075 centos7 ", "description": "Check the version of wget", "published": "2017-10-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882793", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-11-24T15:18:46"}, {"id": "OPENVAS:1361412562310851637", "type": "openvas", "title": "SuSE Update for wget openSUSE-SU-2017:2884-1 (wget)", "description": "Check the version of wget", "published": "2017-10-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851637", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-12-12T11:23:15"}, {"id": "OPENVAS:1361412562310843351", "type": "openvas", "title": "Ubuntu Update for wget USN-3464-1", "description": "Check the version of wget", "published": "2017-10-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843351", "cvelist": ["CVE-2017-6508", "CVE-2017-13089", "CVE-2017-13090", "CVE-2016-7098"], "lastseen": "2017-11-24T15:18:51"}], "centos": [{"id": "CESA-2017:3075", "type": "centos", "title": "wget security update", "description": "**CentOS Errata and Security Advisory** CESA-2017:3075\n\n\nThe wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es):\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. 
(CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-October/022609.html\n\n**Affected packages:**\nwget\n\n**Upstream details at:**\n", "published": "2017-10-27T11:02:39", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2017-October/022609.html", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-11-18T12:42:32"}], "gentoo": [{"id": "GLSA-201711-06", "type": "gentoo", "title": "GNU Wget: Multiple vulnerabilities", "description": "### Background\n\nGNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Wget. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker, by enticing a user to connect to a malicious server, could remotely execute arbitrary code or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wget users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/wget-1.19.1-r2\"", "published": "2017-11-11T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://security.gentoo.org/glsa/201711-06", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-11-11T18:33:44"}], "suse": [{"id": "SUSE-SU-2017:2871-2", "type": "suse", "title": "Security update for wget (important)", "description": "This update for wget fixes the following security issues:\n\n - CVE-2017-13089,CVE-2017-13090: Missing checks for negative\n remaining_chunk_size in skip_short_body and fd_read_body could cause\n stack buffer overflows, which could have been exploited by malicious\n servers. (bsc#1064715,bsc#1064716)\n\n", "published": "2017-11-16T15:08:57", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00027.html", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-11-16T18:33:46"}, {"id": "SUSE-SU-2017:2871-1", "type": "suse", "title": "Security update for wget (important)", "description": "This update for wget fixes the following security issues:\n\n - CVE-2017-13089,CVE-2017-13090: Missing checks for negative\n remaining_chunk_size in skip_short_body and fd_read_body could cause\n stack buffer overflows, which could have been exploited by malicious\n servers. 
(bsc#1064715,bsc#1064716)\n\n", "published": "2017-10-27T18:53:31", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00078.html", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-10-27T20:32:02"}, {"id": "OPENSUSE-SU-2017:2884-1", "type": "suse", "title": "Security update for wget (important)", "description": "This update for wget fixes the following security issues:\n\n - CVE-2017-13089,CVE-2017-13090: Missing checks for negative\n remaining_chunk_size in skip_short_body and fd_read_body could cause\n stack buffer overflows, which could have been exploited by malicious\n servers. (bsc#1064715,bsc#1064716)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "published": "2017-10-28T00:14:14", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00081.html", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-10-28T02:32:02"}], "redhat": [{"id": "RHSA-2017:3075", "type": "redhat", "title": "(RHSA-2017:3075) Important: wget security update", "description": "The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es):\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. 
(CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.", "published": "2017-10-26T20:09:21", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:3075", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-04-15T14:24:51"}], "debian": [{"id": "DSA-4008", "type": "debian", "title": "wget -- security update", "description": "Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.\n\nFor the oldstable distribution (jessie), these problems have been fixed in version 1.16-1+deb8u4.\n\nFor the stable distribution (stretch), these problems have been fixed in version 1.18-5+deb9u1.\n\nWe recommend that you upgrade your wget packages.", "published": "2017-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-4008", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2017-12-09T15:29:39"}], "slackware": [{"id": "SSA-2017-300-02", "type": "slackware", "title": "wget", "description": "New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/wget-1.19.2-i586-1_slack14.2.txz: Upgraded.\n This update fixes stack and heap overflows in HTTP protocol handling.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13090\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating 
FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/wget-1.19.2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/wget-1.19.2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/wget-1.19.2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/wget-1.19.2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/wget-1.19.2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/wget-1.19.2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wget-1.19.2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wget-1.19.2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wget-1.19.2-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wget-1.19.2-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wget-1.19.2-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wget-1.19.2-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wget-1.19.2-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wget-1.19.2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n6a2fdea44aeb773a883b8179fa05f8dd wget-1.19.2-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n1cbdea2a72f55841ec7497a33a4050d2 wget-1.19.2-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n2b931c21e366f28c3ec3d566895808e1 wget-1.19.2-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n3a0040373718b879ff81a590821cc957 wget-1.19.2-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n63e6d6396de6264109fc5db75a89a1fa wget-1.19.2-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n19a525ee83e14446902d4bb4fe0850c8 wget-1.19.2-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nc57618f9fa8a13d00989ebf03622803b wget-1.19.2-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n4d0fecab36336e9b00f841881852a619 wget-1.19.2-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nb32791160dcf03d91721644a2d997c03 wget-1.19.2-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nc534b54abed76e5bb452f06cb3fd0f7e wget-1.19.2-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n1d20fe71cba764a5fd516329b3c84043 wget-1.19.2-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n52f27f37dc54642f430790ba1f7ba5db wget-1.19.2-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc528ea9f78c9658d620951fe575e2757 n/wget-1.19.2-i586-1.txz\n\nSlackware x86_64 -current package:\nd3bdaa039410b993ac729bf88c80905f n/wget-1.19.2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg wget-1.19.2-i586-1_slack14.2.txz", "published": "2017-10-27T13:55:58", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.534644", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "lastseen": "2018-02-02T18:11:30"}], "cloudfoundry": [{"id": "CFOUNDRY:6B20128629C77D85690FBF074EA87264", "type": "cloudfoundry", "title": "USN-3464-1: Wget vulnerabilities - Cloud Foundry", "description": "USN-3464-1: Wget vulnerabilities\n\n# \n\n**Medium**\n\n# Vendor\n\n**Canonical Ubuntu**\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nAntti Levom\u00e4ki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2017-13089](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13089>), [CVE-2017-13090](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13090>))\n\nDawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. ([CVE-2016-7098](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7098>))\n\nOrange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. 
([CVE-2017-6508](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6508>))\n\n# Affected Cloud Foundry Products and Versions\n\n**_Severity is medium unless otherwise noted._**\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3421.x versions prior to 3421.32\n * 3445.x versions prior to 3445.17\n * 3468.x versions prior to 3468.11\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.165.0\n\n# Mitigation\n\n**OSS users are strongly encouraged to follow one of the mitigations below:**\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3421.x versions prior to 3421.32\n * Upgrade 3445.x versions prior to 3445.17\n * Upgrade 3468.x versions prior to 3468.11\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.165.0 or later.\n\n# References\n\n * [USN-3464-1](<http://www.ubuntu.com/usn/usn-3464-1/>)\n * [CVE-2017-13089](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13089>)\n * [CVE-2017-13090](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13090>)\n * [CVE-2016-7098](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7098>)\n * [CVE-2017-6508](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6508>)\n", "published": "2017-11-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.cloudfoundry.org/blog/usn-3464-1/", "cvelist": ["CVE-2017-6508", "CVE-2017-13089", "CVE-2017-13090", "CVE-2016-7098"], "lastseen": "2018-01-12T14:52:56"}], "ubuntu": [{"id": "USN-3464-2", "type": "ubuntu", "title": "Wget vulnerabilities", "description": "USN-3464-1 fixed several vulnerabilities in Wget. 
This update provides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nAntti Levom\u00e4ki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nDawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098)\n\nOrange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2017-6508)", "published": "2017-10-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/3464-2/", "cvelist": ["CVE-2017-6508", "CVE-2017-13089", "CVE-2017-13090", "CVE-2016-7098"], "lastseen": "2018-03-29T18:19:39"}, {"id": "USN-3464-1", "type": "ubuntu", "title": "Wget vulnerabilities", "description": "Antti Levom\u00e4ki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nDawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098)\n\nOrange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. 
(CVE-2017-6508)", "published": "2017-10-26T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/3464-1/", "cvelist": ["CVE-2017-6508", "CVE-2017-13089", "CVE-2017-13090", "CVE-2016-7098"], "lastseen": "2018-03-29T18:20:57"}]}}