Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310842802HistoryJun 21, 2016 - 12:00 a.m.
Ubuntu: Security Advisory (USN-3012-1)
2016-06-2100:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
12
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.953 High
EPSS
Percentile
99.3%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.842802");
script_cve_id("CVE-2016-4971");
script_tag(name:"creation_date", value:"2016-06-21 03:48:01 +0000 (Tue, 21 Jun 2016)");
script_version("2024-02-02T05:06:05+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2016-07-01 15:13:51 +0000 (Fri, 01 Jul 2016)");
script_name("Ubuntu: Security Advisory (USN-3012-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(12\.04\ LTS|14\.04\ LTS|15\.10|16\.04\ LTS)");
script_xref(name:"Advisory-ID", value:"USN-3012-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-3012-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'wget' package(s) announced via the USN-3012-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Dawid Golunski discovered that Wget incorrectly handled filenames when
being redirected from an HTTP to an FTP URL. A malicious server could
possibly use this issue to overwrite local files.");
script_tag(name:"affected", value:"'wget' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.10, Ubuntu 16.04.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU12.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"wget", ver:"1.13.4-2ubuntu1.4", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU14.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"wget", ver:"1.15-1ubuntu1.14.04.2", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU15.10") {
if(!isnull(res = isdpkgvuln(pkg:"wget", ver:"1.16.1-1ubuntu1.1", rls:"UBUNTU15.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU16.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"wget", ver:"1.17.1-1ubuntu1.1", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS 2.0 SP1 : wget (EulerOS-SA-2016-1064)
2017-05-01 00:00:00
Fedora 23 : wget (2016-2db8cbc2fd)
2016-07-14 00:00:00
CentOS 7 : wget (CESA-2016:2587)
2016-11-28 00:00:00
redhatcve
redhatcve
CVE-2016-4971
2016-06-14 08:18:41
zdt
zdt
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution
2016-07-06 00:00:00
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution Exploit (2)
2021-04-30 00:00:00
amazon
amazon
Medium: wget
2016-07-14 16:30:00
openvas
openvas
Debian: Security Advisory (DLA-536-1)
2023-03-08 00:00:00
Fedora Update for wget FEDORA-2016-24135dfe43
2016-06-19 00:00:00
Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2016-1064)
2020-01-23 00:00:00
cve
cve
CVE-2016-4971
2016-06-30 17:59:00
gentoo
gentoo
GNU Wget: Multiple vulnerabilities
2016-10-29 00:00:00
exploitpack
exploitpack
GNU Wget 1.18 - Arbitrary File Upload Remote Code Execution
2016-07-06 00:00:00
osv
osv
CVE-2016-4971
2016-06-30 17:59:00
wget - security update
2016-06-30 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: wget-1.18-1.fc24
2016-06-18 19:04:34
[SECURITY] Fedora 23 Update: wget-1.18-1.fc23
2016-06-17 16:02:22
[SECURITY] Fedora 22 Update: wget-1.18-1.fc22
2016-06-18 04:19:51
archlinux
archlinux
wget: arbitrary file overwrite
2016-06-20 00:00:00
f5
f5
SOL55181425 - Wget vulnerability CVE-2016-4971
2016-07-13 00:00:00
K55181425 : Wget vulnerability CVE-2016-4971
2016-07-13 00:00:00
ubuntu
ubuntu
Wget vulnerability
2016-06-20 00:00:00
cloudfoundry
cloudfoundry
USN-3012-1 Wget vulnerability | Cloud Foundry
2016-07-13 00:00:00
ubuntucve
ubuntucve
CVE-2016-4971
2016-06-10 00:00:00
debiancve
debiancve
CVE-2016-4971
2016-06-30 17:59:00
packetstorm
packetstorm
GNU Wget Arbitrary File Upload / Potential Remote Code Execution
2016-07-06 00:00:00
GNU wget Arbitrary File Upload / Code Execution
2021-04-30 00:00:00
ibm
ibm
alpinelinux
alpinelinux
CVE-2016-4971
2016-06-30 17:59:00
slackware
slackware
[slackware-security] wget
2016-06-13 07:12:06
checkpoint_advisories
checkpoint_advisories
GNU wget HTTP Redirect Arbitrary File Overwrite (CVE-2016-4971)
2016-07-06 00:00:00
prion
prion
Cross site request forgery (csrf)
2016-06-30 17:59:00
redhat
redhat
(RHSA-2016:2587) Moderate: wget security and bug fix update
2016-11-03 06:07:15
debian
debian
[SECURITY] [DLA 536-1] wget security update
2016-06-30 20:12:28
centos
centos
wget security update
2016-11-25 15:51:17
paloalto
paloalto
WGET Vulnerability
2017-05-23 03:00:03
freebsd
freebsd
wget -- HTTP to FTP redirection file name confusion vulnerability
2016-06-09 00:00:00
exploitdb
exploitdb
GNU Wget < 1.18 - Arbitrary File Upload (2)
2021-04-30 00:00:00
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution
2016-07-06 00:00:00
oraclelinux
oraclelinux
wget security and bug fix update
2016-11-09 00:00:00
mageia
mageia
Updated wget packages fix security vulnerability
2016-09-28 08:59:24
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.953 High
EPSS
Percentile
99.3%
Related for OPENVAS:1361412562310842802