ID OPENVAS:1361412562310875400 Type openvas Reporter Copyright (C) 2019 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_fedora_2019_d1b5cf0055_wget_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $
#
# Fedora Update for wget FEDORA-2019-d1b5cf0055
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.875400");
script_version("$Revision: 14223 $");
script_cve_id("CVE-2018-20483", "CVE-2018-0494");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2019-01-12 04:03:56 +0100 (Sat, 12 Jan 2019)");
script_name("Fedora Update for wget FEDORA-2019-d1b5cf0055");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2019 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC28");
script_xref(name:"FEDORA", value:"2019-d1b5cf0055");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QAM3YR42PN36LOMRP6DSTKSDQECD5XBO");
script_tag(name:"summary", value:"The remote host is missing an update for the
'wget' package(s) announced via the FEDORA-2019-d1b5cf0055 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is
present on the target host.");
script_tag(name:"affected", value:"wget on Fedora 28.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC28")
{
if ((res = isrpmvuln(pkg:"wget", rpm:"wget~1.20.1~1.fc28", rls:"FC28")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310875400", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for wget FEDORA-2019-d1b5cf0055", "description": "The remote host is missing an update for the\n ", "published": "2019-01-12T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875400", "reporter": "Copyright (C) 2019 Greenbone Networks GmbH", "references": ["2019-d1b5cf0055", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QAM3YR42PN36LOMRP6DSTKSDQECD5XBO"], "cvelist": ["CVE-2018-0494", "CVE-2018-20483"], "lastseen": "2019-05-29T18:32:17", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-20483", "CVE-2018-0494"]}, {"type": "fedora", "idList": ["FEDORA:1324F60D30E4", "FEDORA:48680605A28F", "FEDORA:D8E6160F62FB", "FEDORA:028E16051CDC", "FEDORA:F333B60525B6", "FEDORA:C2B146042816", "FEDORA:046E16076016", "FEDORA:8EA746050C5D", "FEDORA:876686076974", "FEDORA:995AF61F9AAB"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310875557", "OPENVAS:1361412562311220191663", "OPENVAS:1361412562310875707", "OPENVAS:1361412562311220181342", "OPENVAS:1361412562311220181316", "OPENVAS:1361412562310851759", "OPENVAS:1361412562310852242", "OPENVAS:1361412562311220191085", "OPENVAS:1361412562310874448", "OPENVAS:1361412562311220181348"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_A737EB115CFC11E9AB878CEC4BF8FCFB.NASL", "OPENSUSE-2019-57.NASL", "FEDORA_2019-088875C43A.NASL", "SUSE_SU-2019-0093-1.NASL", "FEDORA_2019-427A0BA9E3.NASL", "GENTOO_GLSA-201903-08.NASL", "UBUNTU_USN-3943-1.NASL", "ALA_ALAS-2019-1151.NASL", "FEDORA_2019-D1B5CF0055.NASL", "EULEROS_SA-2019-1663.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1383-1", "OPENSUSE-SU-2019:0057-1"]}, {"type": "freebsd", "idList": ["A737EB11-5CFC-11E9-AB87-8CEC4BF8FCFB", "7B5A8E3B-52CC-11E8-8C7A-9C5C8E75236A"]}, {"type": "gentoo", "idList": ["GLSA-201806-01", "GLSA-201903-08"]}, {"type": "amazon", "idList": ["ALAS-2018-1040", "ALAS-2019-1151", "ALAS2-2018-1121"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:BEC29068FF9B9E9E3C72A65C1CB6D172", "CFOUNDRY:9A995523D48657F85E3291B54E0314EF"]}, {"type": "ubuntu", "idList": ["USN-3943-1", "USN-3643-2", "USN-3643-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147517"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:36C15641F65FD8A3C0901566DC9D3B51"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1375-1:AA95E", "DEBIAN:DSA-4195-1:B342C"]}, {"type": "centos", "idList": ["CESA-2018:3052"]}, {"type": "slackware", "idList": ["SSA-2018-129-02"]}, {"type": "redhat", "idList": ["RHSA-2019:3701", "RHSA-2018:3052"]}, {"type": "exploitdb", "idList": ["EDB-ID:44601"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3052", "ELSA-2019-3701"]}], "modified": "2019-05-29T18:32:17", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2019-05-29T18:32:17", "rev": 2}, "vulnersScore": 7.2}, "pluginID": "1361412562310875400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2019_d1b5cf0055_wget_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for wget FEDORA-2019-d1b5cf0055\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875400\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-20483\", \"CVE-2018-0494\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-01-12 04:03:56 +0100 (Sat, 12 Jan 2019)\");\n script_name(\"Fedora Update for wget FEDORA-2019-d1b5cf0055\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-d1b5cf0055\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QAM3YR42PN36LOMRP6DSTKSDQECD5XBO\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'wget' package(s) announced via the FEDORA-2019-d1b5cf0055 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"affected\", value:\"wget on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.20.1~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T20:25:40", "description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-26T18:29:00", "title": "CVE-2018-20483", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20483"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2018-20483", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20483", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T20:25:29", "description": "GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \\r\\n sequence in a continuation line.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-06T22:29:00", "title": "CVE-2018-0494", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0494"], "modified": "2019-03-15T01:22:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-0494", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0494", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494", "CVE-2018-20483"], "description": "GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. ", "modified": "2019-01-11T03:00:35", "published": "2019-01-11T03:00:35", "id": "FEDORA:1324F60D30E4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: wget-1.20.1-1.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494", "CVE-2018-20483", "CVE-2019-5953"], "description": "GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. ", "modified": "2019-04-09T01:14:38", "published": "2019-04-09T01:14:38", "id": "FEDORA:C2B146042816", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: wget-1.20.3-1.fc28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20483"], "description": "GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. ", "modified": "2019-01-04T02:58:08", "published": "2019-01-04T02:58:08", "id": "FEDORA:48680605A28F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: wget-1.20.1-1.fc29", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20483", "CVE-2019-5953"], "description": "GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. ", "modified": "2019-04-08T01:54:02", "published": "2019-04-08T01:54:02", "id": "FEDORA:F333B60525B6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: wget-1.20.3-1.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. ", "modified": "2018-05-11T21:15:59", "published": "2018-05-11T21:15:59", "id": "FEDORA:028E16051CDC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: wget-1.19.5-1.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-20483"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2019-01-24T04:34:18", "published": "2019-01-24T04:34:18", "id": "FEDORA:876686076974", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-7.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090", "CVE-2018-0494"], "description": "GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. ", "modified": "2018-05-13T19:52:51", "published": "2018-05-13T19:52:51", "id": "FEDORA:046E16076016", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: wget-1.19.5-1.fc26", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090", "CVE-2018-0494"], "description": "GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. ", "modified": "2018-05-13T20:18:25", "published": "2018-05-13T20:18:25", "id": "FEDORA:8EA746050C5D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: wget-1.19.5-1.fc27", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2019-02-12T02:58:21", "published": "2019-02-12T02:58:21", "id": "FEDORA:D8E6160F62FB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-8.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5435", "CVE-2019-5436"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2019-06-09T02:58:45", "published": "2019-06-09T02:58:45", "id": "FEDORA:995AF61F9AAB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-11.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0494", "CVE-2019-5953", "CVE-2018-20483"], "description": "The remote host is missing an update for the\n ", "modified": "2019-05-23T00:00:00", "published": "2019-04-09T00:00:00", "id": "OPENVAS:1361412562310875557", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875557", "type": "openvas", "title": "Fedora Update for wget FEDORA-2019-9f891cd83a", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875557\");\n script_version(\"2019-05-23T07:06:55+0000\");\n script_cve_id(\"CVE-2019-5953\", \"CVE-2018-20483\", \"CVE-2018-0494\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-23 07:06:55 +0000 (Thu, 23 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-09 02:08:16 +0000 (Tue, 09 Apr 2019)\");\n script_name(\"Fedora Update for wget FEDORA-2019-9f891cd83a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-9f891cd83a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZR6YPWTC5IWG76BB32TNYCGQQBONYLII\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'wget' package(s) announced via the FEDORA-2019-9f891cd83a advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"GNU Wget is a file retrieval utility which\n can use either the HTTP or FTP protocols. Wget features include the ability to work\n in the background while you are logged out, recursive retrieval of directories,\n file name wildcard matching, remote file timestamp storage and comparison, use of\n Rest with FTP servers and Range with HTTP servers to retrieve files over slow or\n unstable connections, support for Proxy servers, and configurability.\");\n\n script_tag(name:\"affected\", value:\"'wget' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.20.3~1.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:53:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-01-18T00:00:00", "id": "OPENVAS:1361412562310852242", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852242", "type": "openvas", "title": "openSUSE: Security Advisory for wget (openSUSE-SU-2019:0057-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852242\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-20483\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-18 04:02:49 +0100 (Fri, 18 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for wget (openSUSE-SU-2019:0057-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0057-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00020.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wget'\n package(s) announced via the openSUSE-SU-2019:0057-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for wget fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-20483: Fixed an information disclosure through file metadata\n (bsc#1120382)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-57=1\");\n\n script_tag(name:\"affected\", value:\"wget on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.5~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wget-debuginfo\", rpm:\"wget-debuginfo~1.19.5~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wget-debugsource\", rpm:\"wget-debugsource~1.19.5~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:41:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191663", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1663)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1663\");\n script_version(\"2020-01-23T12:19:19+0000\");\n script_cve_id(\"CVE-2018-20483\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:19:19 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:19:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1663)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1663\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1663\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wget' package(s) announced via the EulerOS-SA-2019-1663 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\");\n\n script_tag(name:\"affected\", value:\"'wget' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.5~5.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-5953", "CVE-2018-20483"], "description": "The remote host is missing an update for the ", "modified": "2019-05-23T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875707", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875707", "type": "openvas", "title": "Fedora Update for wget FEDORA-2019-7a0497cbc2", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875707\");\n script_version(\"2019-05-23T07:06:55+0000\");\n script_cve_id(\"CVE-2019-5953\", \"CVE-2018-20483\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-23 07:06:55 +0000 (Thu, 23 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:17:09 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for wget FEDORA-2019-7a0497cbc2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7a0497cbc2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMT57ZCO64CMWPL3GJHETAZKOZSWHKGU\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wget'\n package(s) announced via the FEDORA-2019-7a0497cbc2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GNU Wget is a file retrieval utility which can use either the HTTP or\nFTP protocols. Wget features include the ability to work in the\nbackground while you are logged out, recursive retrieval of\ndirectories, file name wildcard matching, remote file timestamp\nstorage and comparison, use of Rest with FTP servers and Range with\nHTTP servers to retrieve files over slow or unstable connections,\nsupport for Proxy servers, and configurability.\");\n\n script_tag(name:\"affected\", value:\"'wget' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.20.3~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0494"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310843780", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843780", "type": "openvas", "title": "Ubuntu Update for wget USN-3643-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3643_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for wget USN-3643-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843780\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-0494\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:18:39 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for wget USN-3643-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3643-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3643-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wget'\n package(s) announced via the USN-3643-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Wget incorrectly handled certain inputs.\nAn attacker could possibly use this to inject arbitrary cookie values.\");\n\n script_tag(name:\"affected\", value:\"wget on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"wget\", ver:\"1.15-1ubuntu1.14.04.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"wget\", ver:\"1.19.1-3ubuntu1.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"wget\", ver:\"1.19.4-1ubuntu2.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"wget\", ver:\"1.17.1-1ubuntu1.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:33:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0494"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191165", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191165", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1165)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1165\");\n script_version(\"2020-01-23T11:33:26+0000\");\n script_cve_id(\"CVE-2018-0494\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:33:26 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:33:26 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1165)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1165\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1165\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wget' package(s) announced via the EulerOS-SA-2019-1165 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.CVE-2018-0494\");\n\n script_tag(name:\"affected\", value:\"'wget' package(s) on Huawei EulerOS Virtualization 2.5.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.14~15.1.h2\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:35:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0494"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191085", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1085)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1085\");\n script_version(\"2020-01-23T11:30:44+0000\");\n script_cve_id(\"CVE-2018-0494\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:30:44 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:30:44 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1085)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1085\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1085\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wget' package(s) announced via the EulerOS-SA-2019-1085 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \\r\\n sequence in a continuation line.(CVE-2018-0494)\");\n\n script_tag(name:\"affected\", value:\"'wget' package(s) on Huawei EulerOS Virtualization 2.5.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.14~15.1.h2\", rls:\"EULEROSVIRT-2.5.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0494"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-16T00:00:00", "id": "OPENVAS:1361412562310874448", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874448", "type": "openvas", "title": "Fedora Update for wget FEDORA-2018-11b37d7a68", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_11b37d7a68_wget_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for wget FEDORA-2018-11b37d7a68\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874448\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-16 05:51:01 +0200 (Wed, 16 May 2018)\");\n script_cve_id(\"CVE-2018-0494\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for wget FEDORA-2018-11b37d7a68\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wget'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"wget on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-11b37d7a68\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MX5YMYQISWVMXJ46Y7BKLEOUECM7DHNY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.5~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:40:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0494"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181342", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2018-1342)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1342\");\n script_version(\"2020-01-23T11:22:32+0000\");\n script_cve_id(\"CVE-2018-0494\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:22:32 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:22:32 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2018-1342)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1342\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1342\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wget' package(s) announced via the EulerOS-SA-2018-1342 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.(CVE-2018-0494)\");\n\n script_tag(name:\"affected\", value:\"'wget' package(s) on Huawei EulerOS Virtualization 2.5.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.14~10.3.h3\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:36:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0494"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181348", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181348", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2018-1348)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1348\");\n script_version(\"2020-01-23T11:23:00+0000\");\n script_cve_id(\"CVE-2018-0494\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:23:00 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:23:00 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2018-1348)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1348\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1348\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wget' package(s) announced via the EulerOS-SA-2018-1348 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.(CVE-2018-0494)\");\n\n script_tag(name:\"affected\", value:\"'wget' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.14~10.3.h3\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2020-09-23T16:46:46", "description": "This update for wget fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-20483: Fixed an information disclosure through\n file metadata (bsc#1120382)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-22T00:00:00", "title": "openSUSE Security Update : wget (openSUSE-2019-57)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "modified": "2019-01-22T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:wget-debuginfo", "p-cpe:/a:novell:opensuse:wget", "p-cpe:/a:novell:opensuse:wget-debugsource"], "id": "OPENSUSE-2019-57.NASL", "href": "https://www.tenable.com/plugins/nessus/121284", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-57.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121284);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2018-20483\");\n\n script_name(english:\"openSUSE Security Update : wget (openSUSE-2019-57)\");\n script_summary(english:\"Check for the openSUSE-2019-57 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wget fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-20483: Fixed an information disclosure through\n file metadata (bsc#1120382)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120382\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wget-1.19.5-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wget-debuginfo-1.19.5-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wget-debugsource-1.19.5-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget / wget-debuginfo / wget-debugsource\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-18T00:02:54", "description": "Update to upstream release 1.20.1 to fix CVE-2018-20483.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-11T00:00:00", "title": "Fedora 28 : wget (2019-d1b5cf0055)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "modified": "2019-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-D1B5CF0055.NASL", "href": "https://www.tenable.com/plugins/nessus/121086", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d1b5cf0055.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121086);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/26\");\n\n script_cve_id(\"CVE-2018-20483\");\n script_xref(name:\"FEDORA\", value:\"2019-d1b5cf0055\");\n\n script_name(english:\"Fedora 28 : wget (2019-d1b5cf0055)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream release 1.20.1 to fix CVE-2018-20483.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d1b5cf0055\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"wget-1.20.1-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-18T03:03:58", "description": "This update for wget fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-20483: Fixed an information disclosure through file metadata\n(bsc#1120382)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-16T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : wget (SUSE-SU-2019:0093-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "modified": "2019-01-16T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wget-debugsource", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:wget-debuginfo", "p-cpe:/a:novell:suse_linux:wget"], "id": "SUSE_SU-2019-0093-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0093-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121207);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-20483\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : wget (SUSE-SU-2019:0093-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wget fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-20483: Fixed an information disclosure through file metadata\n(bsc#1120382)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20483/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190093-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32ef94df\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-93=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"wget-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"wget-debuginfo-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"wget-debugsource-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"wget-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"wget-debuginfo-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"wget-debugsource-1.19.5-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T02:44:19", "description": "Gynvael Coldwind reports :\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's\norigin URL in the user.xdg.origin.url metadata attribute of the\nextended attributes of the downloaded file, which allows local users\nto obtain sensitive information (e.g., credentials contained in the\nURL) by reading this attribute, as demonstrated by getfattr. This also\napplies to Referer information in the user.xdg.referrer.url metadata\nattribute.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-15T00:00:00", "title": "FreeBSD : wget -- security flaw in caching credentials passed as a part of the URL (a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:wget"], "id": "FREEBSD_PKG_A737EB115CFC11E9AB878CEC4BF8FCFB.NASL", "href": "https://www.tenable.com/plugins/nessus/124047", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124047);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2018-20483\");\n\n script_name(english:\"FreeBSD : wget -- security flaw in caching credentials passed as a part of the URL (a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gynvael Coldwind reports :\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's\norigin URL in the user.xdg.origin.url metadata attribute of the\nextended attributes of the downloaded file, which allows local users\nto obtain sensitive information (e.g., credentials contained in the\nURL) by reading this attribute, as demonstrated by getfattr. This also\napplies to Referer information in the user.xdg.referrer.url metadata\nattribute.\"\n );\n # https://vuxml.freebsd.org/freebsd/a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d74c633\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wget>=1.19<1.20.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T02:56:50", "description": "The remote host is affected by the vulnerability described in GLSA-201903-08\n(GNU Wget: Password and metadata leak)\n\n A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c.\n \nImpact :\n\n A local attacker could obtain sensitive information to include\n credentials.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-11T00:00:00", "title": "GLSA-201903-08 : GNU Wget: Password and metadata leak", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:wget"], "id": "GENTOO_GLSA-201903-08.NASL", "href": "https://www.tenable.com/plugins/nessus/122736", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201903-08.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122736);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/05\");\n\n script_cve_id(\"CVE-2018-20483\");\n script_xref(name:\"GLSA\", value:\"201903-08\");\n\n script_name(english:\"GLSA-201903-08 : GNU Wget: Password and metadata leak\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201903-08\n(GNU Wget: Password and metadata leak)\n\n A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c.\n \nImpact :\n\n A local attacker could obtain sensitive information to include\n credentials.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201903-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GNU Wget users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/wget-1.20.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/wget\", unaffected:make_list(\"ge 1.20.1\"), vulnerable:make_list(\"lt 1.20.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU Wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T08:58:37", "description": "According to the version of the wget package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - set_file_metadata in xattr.c in GNU Wget before 1.20.1\n stores a file's origin URL in the user.xdg.origin.url\n metadata attribute of the extended attributes of the\n downloaded file, which allows local users to obtain\n sensitive information (e.g., credentials contained in\n the URL) by reading this attribute, as demonstrated by\n getfattr. This also applies to Referer information in\n the user.xdg.referrer.url metadata attribute. According\n to 2016-07-22 in the Wget ChangeLog,\n user.xdg.origin.url was partially based on the behavior\n of fwrite_xattr in tool_xattr.c in\n curl.(CVE-2018-20483)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-27T00:00:00", "title": "EulerOS 2.0 SP8 : wget (EulerOS-SA-2019-1663)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "modified": "2019-06-27T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wget", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1663.NASL", "href": "https://www.tenable.com/plugins/nessus/126290", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126290);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-20483\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : wget (EulerOS-SA-2019-1663)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wget package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - set_file_metadata in xattr.c in GNU Wget before 1.20.1\n stores a file's origin URL in the user.xdg.origin.url\n metadata attribute of the extended attributes of the\n downloaded file, which allows local users to obtain\n sensitive information (e.g., credentials contained in\n the URL) by reading this attribute, as demonstrated by\n getfattr. This also applies to Referer information in\n the user.xdg.referrer.url metadata attribute. According\n to 2016-07-22 in the Wget ChangeLog,\n user.xdg.origin.url was partially based on the behavior\n of fwrite_xattr in tool_xattr.c in\n curl.(CVE-2018-20483)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1663\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8dc3d567\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"wget-1.19.5-5.h3.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-17T23:53:30", "description": " - xattr: strip credentials from any URL that is stored\n (CVE-2018-20483)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 10, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-24T00:00:00", "title": "Fedora 29 : curl (2019-427a0ba9e3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "modified": "2019-01-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:curl"], "id": "FEDORA_2019-427A0BA9E3.NASL", "href": "https://www.tenable.com/plugins/nessus/121333", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-427a0ba9e3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121333);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-20483\");\n script_xref(name:\"FEDORA\", value:\"2019-427a0ba9e3\");\n\n script_name(english:\"Fedora 29 : curl (2019-427a0ba9e3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - xattr: strip credentials from any URL that is stored\n (CVE-2018-20483)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-427a0ba9e3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"curl-7.61.1-7.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-17T23:48:46", "description": "Update to upstream release 1.20.1 to fix CVE-2018-20483.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-07T00:00:00", "title": "Fedora 29 : wget (2019-088875c43a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20483"], "modified": "2019-01-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-088875C43A.NASL", "href": "https://www.tenable.com/plugins/nessus/120965", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-088875c43a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120965);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/26\");\n\n script_cve_id(\"CVE-2018-20483\");\n script_xref(name:\"FEDORA\", value:\"2019-088875c43a\");\n\n script_name(english:\"Fedora 29 : wget (2019-088875c43a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream release 1.20.1 to fix CVE-2018-20483.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-088875c43a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"wget-1.20.1-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T06:51:09", "description": "It was discovered that Wget incorrectly handled certain inputs. An\nattacker could possibly use this issue to access sensitive\ninformation. This issue only affected Ubuntu 18.04 LTS and Ubuntu\n18.10. (CVE-2018-20483)\n\nKusano Kazuhiko discovered that Wget incorrectly handled certain\ninputs. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2019-5953).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-10T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : wget vulnerabilities (USN-3943-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-5953", "CVE-2018-20483"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:wget", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3943-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123973", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3943-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123973);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2018-20483\", \"CVE-2019-5953\");\n script_xref(name:\"USN\", value:\"3943-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : wget vulnerabilities (USN-3943-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Wget incorrectly handled certain inputs. An\nattacker could possibly use this issue to access sensitive\ninformation. This issue only affected Ubuntu 18.04 LTS and Ubuntu\n18.10. (CVE-2018-20483)\n\nKusano Kazuhiko discovered that Wget incorrectly handled certain\ninputs. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2019-5953).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3943-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"wget\", pkgver:\"1.15-1ubuntu1.14.04.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"wget\", pkgver:\"1.17.1-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"wget\", pkgver:\"1.19.4-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"wget\", pkgver:\"1.19.5-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:20:11", "description": "set_file_metadata in xattr.c in GNU Wget stores a file's origin URL in\nthe user.xdg.origin.url metadata attribute of the extended attributes\nof the downloaded file, which allows local users to obtain sensitive\ninformation (e.g., credentials contained in the URL) by reading this\nattribute, as demonstrated by getfattr. This also applies to Referer\ninformation in the user.xdg.referrer.url metadata attribute. According\nto 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially\nbased on the behavior of fwrite_xattr in tool_xattr.c in\ncurl.(CVE-2018-20483)\n\nA heap-based buffer overflow has been found in the\nCurl_smtp_escape_eob() function of curl. An attacker could exploit\nthis by convincing a user to use curl to upload data over SMTP with a\nreduced buffer to cause a crash or corrupt memory.(CVE-2018-0500)", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-08T00:00:00", "title": "Amazon Linux AMI : curl (ALAS-2019-1151)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0500", "CVE-2018-20483"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "p-cpe:/a:amazon:linux:curl-debuginfo", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:curl"], "id": "ALA_ALAS-2019-1151.NASL", "href": "https://www.tenable.com/plugins/nessus/122035", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1151.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122035);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2018-0500\", \"CVE-2018-20483\");\n script_xref(name:\"ALAS\", value:\"2019-1151\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2019-1151)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"set_file_metadata in xattr.c in GNU Wget stores a file's origin URL in\nthe user.xdg.origin.url metadata attribute of the extended attributes\nof the downloaded file, which allows local users to obtain sensitive\ninformation (e.g., credentials contained in the URL) by reading this\nattribute, as demonstrated by getfattr. This also applies to Referer\ninformation in the user.xdg.referrer.url metadata attribute. According\nto 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially\nbased on the behavior of fwrite_xattr in tool_xattr.c in\ncurl.(CVE-2018-20483)\n\nA heap-based buffer overflow has been found in the\nCurl_smtp_escape_eob() function of curl. An attacker could exploit\nthis by convincing a user to use curl to upload data over SMTP with a\nreduced buffer to cause a crash or corrupt memory.(CVE-2018-0500)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1151.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.61.1-7.91.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.61.1-7.91.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.61.1-7.91.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.61.1-7.91.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-01-18T04:04:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20483"], "description": "This update for wget fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-20483: Fixed an information disclosure through file metadata\n (bsc#1120382)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-01-18T00:09:18", "published": "2019-01-18T00:09:18", "id": "OPENSUSE-SU-2019:0057-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00020.html", "title": "Security update for wget (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-05-23T16:21:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "This update for wget fixes the following issues:\n\n - CVE-2018-0494: Fixed a cookie injection vulnerability by checking for\n and joining continuation lines. (bsc#1092061)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-05-23T15:09:25", "published": "2018-05-23T15:09:25", "id": "OPENSUSE-SU-2018:1383-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00092.html", "title": "Security update for wget (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2019-03-11T01:51:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20483"], "description": "### Background\n\nGNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. \n\n### Description\n\nA vulnerability was discovered in GNU Wget\u2019s file_metadata in xattr.c.\n\n### Impact\n\nA local attacker could obtain sensitive information to include credentials. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU Wget users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/wget-1.20.1\"", "edition": 1, "modified": "2019-03-10T00:00:00", "published": "2019-03-10T00:00:00", "id": "GLSA-201903-08", "href": "https://security.gentoo.org/glsa/201903-08", "title": "GNU Wget: Password and metadata leak", "type": "gentoo", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-06-14T05:45:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "### Background\n\nGNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. \n\n### Description\n\nA vulnerability was discovered in GNU Wget\u2019s resp_new function which does not validate \\r\\n sequences in continuation lines. \n\n### Impact\n\nA remote attacker could inject arbitrary cookie entry requests.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU Wget users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/wget-1.19.5\"", "edition": 1, "modified": "2018-06-13T00:00:00", "published": "2018-06-13T00:00:00", "id": "GLSA-201806-01", "href": "https://security.gentoo.org/glsa/201806-01", "title": "GNU Wget: Cookie injection", "type": "gentoo", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20483"], "description": "\nGynvael Coldwind reports:\n\n\n\t set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a\n\t file's origin URL in the user.xdg.origin.url metadata attribute\n\t of the extended attributes of the downloaded file, which allows\n\t local users to obtain sensitive information (e.g., credentials\n\t contained in the URL) by reading this attribute, as demonstrated\n\t by getfattr. This also applies to Referer information in the\n\t user.xdg.referrer.url metadata attribute.\n\t \n\n", "edition": 2, "modified": "2018-12-25T00:00:00", "published": "2018-12-25T00:00:00", "id": "A737EB11-5CFC-11E9-AB87-8CEC4BF8FCFB", "href": "https://vuxml.freebsd.org/freebsd/a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb.html", "title": "wget -- security flaw in caching credentials passed as a part of the URL", "type": "freebsd", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:31:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "\nHarry Sintonen of F-Secure Corporation reports:\n\nGNU Wget is susceptible to a malicious web server injecting arbitrary cookies to the cookie jar file.\n\n", "edition": 5, "modified": "2018-04-26T00:00:00", "published": "2018-04-26T00:00:00", "id": "7B5A8E3B-52CC-11E8-8C7A-9C5C8E75236A", "href": "https://vuxml.freebsd.org/freebsd/7b5a8e3b-52cc-11e8-8c7a-9c5c8e75236a.html", "title": "wget -- cookie injection vulnerability", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:51", "bulletinFamily": "unix", "cvelist": ["CVE-2019-5953", "CVE-2018-20483"], "description": "It was discovered that Wget incorrectly handled certain inputs. \nAn attacker could possibly use this issue to access sensitive \ninformation. This issue only affected Ubuntu 18.04 LTS and \nUbuntu 18.10. (CVE-2018-20483)\n\nKusano Kazuhiko discovered that Wget incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2019-5953)", "edition": 4, "modified": "2019-04-08T00:00:00", "published": "2019-04-08T00:00:00", "id": "USN-3943-1", "href": "https://ubuntu.com/security/notices/USN-3943-1", "title": "Wget vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:36:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "USN-3643-1 fixed a vulnerability in Wget. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that Wget incorrectly handled certain inputs. \nAn attacker could possibly use this to inject arbitrary cookie values.", "edition": 7, "modified": "2018-05-09T00:00:00", "published": "2018-05-09T00:00:00", "id": "USN-3643-2", "href": "https://ubuntu.com/security/notices/USN-3643-2", "title": "Wget vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T11:34:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "It was discovered that Wget incorrectly handled certain inputs. \nAn attacker could possibly use this to inject arbitrary cookie values.", "edition": 6, "modified": "2018-05-09T00:00:00", "published": "2018-05-09T00:00:00", "id": "USN-3643-1", "href": "https://ubuntu.com/security/notices/USN-3643-1", "title": "Wget vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:36:03", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0500", "CVE-2018-20483"], "description": "**Issue Overview:**\n\nset_file_metadata in xattr.c in GNU Wget stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.([CVE-2018-20483 __](<https://access.redhat.com/security/cve/CVE-2018-20483>))\n\nA heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.([CVE-2018-0500 __](<https://access.redhat.com/security/cve/CVE-2018-0500>))\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n curl-7.61.1-7.91.amzn1.i686 \n libcurl-devel-7.61.1-7.91.amzn1.i686 \n libcurl-7.61.1-7.91.amzn1.i686 \n curl-debuginfo-7.61.1-7.91.amzn1.i686 \n \n src: \n curl-7.61.1-7.91.amzn1.src \n \n x86_64: \n libcurl-devel-7.61.1-7.91.amzn1.x86_64 \n libcurl-7.61.1-7.91.amzn1.x86_64 \n curl-debuginfo-7.61.1-7.91.amzn1.x86_64 \n curl-7.61.1-7.91.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2019-02-07T04:24:00", "published": "2019-02-07T04:24:00", "id": "ALAS-2019-1151", "href": "https://alas.aws.amazon.com/ALAS-2019-1151.html", "title": "Medium: curl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:16", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "**Issue Overview:**\n\nA cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.([CVE-2018-0494 __](<https://access.redhat.com/security/cve/CVE-2018-0494>))\n\n \n**Affected Packages:** \n\n\nwget\n\n \n**Issue Correction:** \nRun _yum update wget_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n wget-1.14-18.amzn2.aarch64 \n wget-debuginfo-1.14-18.amzn2.aarch64 \n \n i686: \n wget-1.14-18.amzn2.i686 \n wget-debuginfo-1.14-18.amzn2.i686 \n \n src: \n wget-1.14-18.amzn2.src \n \n x86_64: \n wget-1.14-18.amzn2.x86_64 \n wget-debuginfo-1.14-18.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2018-12-06T20:27:00", "published": "2018-12-06T20:27:00", "id": "ALAS2-2018-1121", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1121.html", "title": "Medium: wget", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-10T12:35:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "**Issue Overview:**\n\nA cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.([CVE-2018-0494 __](<https://access.redhat.com/security/cve/CVE-2018-0494>))\n\n \n**Affected Packages:** \n\n\nwget\n\n \n**Issue Correction:** \nRun _yum update wget_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n wget-1.18-4.29.amzn1.i686 \n wget-debuginfo-1.18-4.29.amzn1.i686 \n \n src: \n wget-1.18-4.29.amzn1.src \n \n x86_64: \n wget-debuginfo-1.18-4.29.amzn1.x86_64 \n wget-1.18-4.29.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-06-08T18:35:00", "published": "2018-06-08T18:35:00", "id": "ALAS-2018-1040", "href": "https://alas.aws.amazon.com/ALAS-2018-1040.html", "title": "Medium: wget", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "software", "cvelist": ["CVE-2019-5953", "CVE-2018-20483"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nIt was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20483)\n\nKusano Kazuhiko discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-5953)\n\nCVEs contained in this USN include: CVE-2018-20483, CVE-2019-5953\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.100\n * 3541.x versions prior to 3541.98\n * 3468.x versions prior to 3468.112\n * 3445.x versions prior to 3445.111\n * 3421.x versions prior to 3421.127\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 250.x versions prior to 250.38\n * 170.x versions prior to 170.51\n * 97.x versions prior to 97.82\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.280.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.79.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.100\n * Upgrade 3541.x versions to 3541.98\n * Upgrade 3468.x versions to 3468.112\n * Upgrade 3445.x versions to 3445.111\n * Upgrade 3421.x versions to 3421.127\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 250.x versions to 250.38\n * Upgrade 170.x versions to 170.51\n * Upgrade 97.x versions to 97.82\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.280.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.79.0 or later.\n\n# References\n\n * [USN-3943-1](<https://usn.ubuntu.com/3943-1>)\n * [CVE-2018-20483](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-20483>)\n * [CVE-2019-5953](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5953>)\n", "edition": 3, "modified": "2019-04-25T00:00:00", "published": "2019-04-25T00:00:00", "id": "CFOUNDRY:BEC29068FF9B9E9E3C72A65C1CB6D172", "href": "https://www.cloudfoundry.org/blog/usn-3943-1/", "title": "USN-3943-1: Wget vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:49", "bulletinFamily": "software", "cvelist": ["CVE-2018-0494"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.62\n * 3421.x versions prior to 3421.60\n * 3445.x versions prior to 3445.46\n * 3468.x versions prior to 3468.44\n * 3541.x versions prior to 3541.26\n * 3586.x versions prior to 3586.16\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.207.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions to 3363.62\n * Upgrade 3421.x versions to 3421.60\n * Upgrade 3445.x versions to 3445.46\n * Upgrade 3468.x versions to 3468.44\n * Upgrade 3541.x versions to 3541.26\n * Upgrade 3586.x versions to 3586.16\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.207.0 or later.\n\n# References\n\n * [USN-3643-1](<https://usn.ubuntu.com/3643-1/>)\n * [CVE-2018-0494](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0494>)\n", "edition": 6, "modified": "2018-06-05T00:00:00", "published": "2018-06-05T00:00:00", "id": "CFOUNDRY:9A995523D48657F85E3291B54E0314EF", "href": "https://www.cloudfoundry.org/blog/usn-3643-1/", "title": "USN-3643-1: Wget vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:21:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "Package : wget\nVersion : 1.13.4-3+deb7u6\nCVE ID : CVE-2018-0494\nDebian Bug : 898076\n\n\nHarry Sintonen have discovered a cookie injection vulnerability in\nwget caused by insufficient input validation, enabling an external\nattacker to inject arbitrary cookie values cookie jar file, adding new\nor replacing existing cookie values.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.13.4-3+deb7u6.\n\nWe recommend that you upgrade your wget packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "modified": "2018-05-11T07:31:51", "published": "2018-05-11T07:31:51", "id": "DEBIAN:DLA-1375-1:AA95E", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201805/msg00006.html", "title": "[SECURITY] [DLA 1375-1] wget security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-08-12T01:05:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4195-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 08, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wget\nCVE ID : CVE-2018-0494\nDebian Bug : 898076\n\nHarry Sintonen discovered that wget, a network utility to retrieve files\nfrom the web, does not properly handle '\\r\\n' from continuation lines\nwhile parsing the Set-Cookie HTTP header. A malicious web server could\nuse this flaw to inject arbitrary cookies to the cookie jar file, adding\nnew or replacing existing cookie values.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.16-1+deb8u5.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.18-5+deb9u2.\n\nWe recommend that you upgrade your wget packages.\n\nFor the detailed security status of wget please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/wget\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2018-05-08T10:29:18", "published": "2018-05-08T10:29:18", "id": "DEBIAN:DSA-4195-1:B342C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00122.html", "title": "[SECURITY] [DSA 4195-1] wget security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2018-05-08T01:06:51", "description": "", "published": "2018-05-07T00:00:00", "type": "packetstorm", "title": "GNU Wget 1.19.4 Cookie Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-0494"], "modified": "2018-05-07T00:00:00", "id": "PACKETSTORM:147517", "href": "https://packetstormsecurity.com/files/147517/GNU-Wget-1.19.4-Cookie-Injection.html", "sourceData": "`GNU Wget Cookie Injection [CVE-2018-0494] \n========================================= \nThe latest version of this advisory is available at: \nhttps://sintonen.fi/advisories/gnu-wget-cookie-injection.txt \n \n \nOverview \n-------- \n \nGNU Wget is susceptible to a malicious web server injecting arbitrary cookies to \nthe cookie jar file. \n \n \nDescription \n----------- \n \nNormally a website should not be able to set cookies for other domains. Due to \ninsufficient input validation GNU Wget can be tricked into storing arbitrary cookie \nvalues to the cookie jar file, bypassing this security restriction. \n \n \nImpact \n------ \n \nAn external attacker is able to inject arbitrary cookie values cookie jar file, \nadding new or replacing existing cookie values. \n \n \nDetails \n------- \n \nThe discovered vulnerability, described in more detail below, enables the attack \ndescribed here in brief. \n \n1. The attacker controlled web site sends a specially crafted Set-Cookie -header \nto inject a new authentication cookie for example.com, replacing the existing \none. In order to be successful the victim must perform a wget operation on the \nattacker controller site, for example: \nwget --load-cookies jar.txt --save-cookies jar.txt https://evil.invalid \n2. Victim uses wget to post some secret the the api.example.com: \nwget --load-cookies jar.txt --post-file secret.txt https://example.com/upload \n \nSince the attacker was able to replace the authentication cookie for example.com, \nthe secret.txt data will be posted to attacker's account instead to that of the \nvictim. \n \n \nVulnerabilities \n--------------- \n \n1. CWE-20: Improper Input Validation in Set-Cookie parsing [CVE-2018-0494] \n \nThe cookie parsing implementation does too lax input validation when parsing the \nSet-Cookie response from the server. Consider the following malicious response: \n \nHTTP/1.1 200 OK \nContent-Length: 0 \nSet-Cookie: foo=\"bar \n.google.com TRUE / FALSE 1900000000 injected cookie \n\";expires=Thursday, 01-Jan-2032 08:00:00 GMT \n \n \nWhen parsed by Wget and stored to a cookie jar file it will appear as: \n \n# HTTP cookie file. \n# Generated by Wget on 2018-04-27 23:28:21. \n# Edit at your own risk. \n \n127.0.0.1:7777 FALSE / FALSE 1956556800 foo \"bar \n.google.com TRUE / FALSE 1900000000 injected cookie \n\" \n \nSince the Wget cookie jar parser skips any leading spaces, the .google.com line \nwill be picked up. \n \nNote: The order in which the hosts/domains are stored in the cookie jar is derived \nfrom the hashing function used to speed up the lookups. If an existing cookie is \nto be replaced the server hostname used to serve the Set-Cookie will need to be \ncarefully chosen to result in hash entry below the targeted domain. If not done, \nthe original cookie will be used instead of the injected one. \n \n \nProof of Concept \n---------------- \n \n1. Set up a minimal web server, good for 1 request: \n$ echo -ne 'HTTP/1.1 200 OK\\r\\nContent-Length: 0\\r\\nSet-Cookie: foo=\"bar\\r\\n\\x20.google.com\\tTRUE\\t/\\tFALSE\\t1900000000\\tinjected\\tcookie\\r\\n\\t\";expires=Thursday, 01-Jan-2032 08:00:00 GMT\\r\\n\\r\\n' | nc -v -l 7777 \n \n2. Fetch the evil url: \n$ wget --save-cookies jar.txt http://127.0.0.1:7777/plop \n \n3. Examine the resulting cookie jar file: \n$ cat jar.txt \n \n \nVulnerable versions \n------------------- \n \nThe following GNU Wget versions are confirmed vulnerable: \n \n- 1.7 thru 1.19.4 \n \n \nMitigation \n---------- \n \n1. Upgrade to GNU Wget 1.19.5 or later, or to appropriate security updated package \nin your distribution \n \n \nCredits \n------- \n \nThe vulnerability was discovered by Harry Sintonen / F-Secure Corporation. \n \n \nTimeline \n-------- \n \n2018.04.26 discovered & reported the vulnerability \n2018.04.27 CVE-2018-0494 assigned \n2018.05.06 GNU Wget 1.19.5 released with the fix \n2018.05.06 public disclosure of the advisory \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/147517/gnuwget-inject.txt"}], "redhat": [{"lastseen": "2019-08-13T18:45:57", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es):\n\n* wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "modified": "2018-10-30T09:23:08", "published": "2018-10-30T08:13:12", "id": "RHSA-2018:3052", "href": "https://access.redhat.com/errata/RHSA-2018:3052", "type": "redhat", "title": "(RHSA-2018:3052) Moderate: wget security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-05T23:02:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "modified": "2019-11-06T02:45:53", "published": "2019-11-06T01:52:39", "id": "RHSA-2019:3701", "href": "https://access.redhat.com/errata/RHSA-2019:3701", "type": "redhat", "title": "(RHSA-2019:3701) Moderate: curl security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "**CentOS Errata and Security Advisory** CESA-2018:3052\n\n\nThe wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es):\n\n* wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2018-November/005704.html\n\n**Affected packages:**\nwget\n\n**Upstream details at:**\n", "edition": 3, "modified": "2018-11-15T18:53:41", "published": "2018-11-15T18:53:41", "id": "CESA-2018:3052", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005704.html", "title": "wget security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:17", "description": "\nGNU wget - Cookie Injection", "edition": 1, "published": "2018-05-06T00:00:00", "title": "GNU wget - Cookie Injection", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-0494"], "modified": "2018-05-06T00:00:00", "id": "EXPLOITPACK:36C15641F65FD8A3C0901566DC9D3B51", "href": "", "sourceData": "GNU Wget Cookie Injection [CVE-2018-0494]\n=========================================\nThe latest version of this advisory is available at:\nhttps://sintonen.fi/advisories/gnu-wget-cookie-injection.txt\n\n\nOverview\n--------\n\nGNU Wget is susceptible to a malicious web server injecting arbitrary cookies to\nthe cookie jar file.\n\n\nDescription\n-----------\n\nNormally a website should not be able to set cookies for other domains. Due to\ninsufficient input validation GNU Wget can be tricked into storing arbitrary cookie\nvalues to the cookie jar file, bypassing this security restriction.\n\n\nImpact\n------\n\nAn external attacker is able to inject arbitrary cookie values cookie jar file,\nadding new or replacing existing cookie values.\n\n\nDetails\n-------\n\nThe discovered vulnerability, described in more detail below, enables the attack\ndescribed here in brief.\n\n1. The attacker controlled web site sends a specially crafted Set-Cookie -header\n to inject a new authentication cookie for example.com, replacing the existing\n one. In order to be successful the victim must perform a wget operation on the\n attacker controller site, for example:\n wget --load-cookies jar.txt --save-cookies jar.txt https://evil.invalid\n2. Victim uses wget to post some secret the the api.example.com:\n wget --load-cookies jar.txt --post-file secret.txt https://example.com/upload\n\nSince the attacker was able to replace the authentication cookie for example.com,\nthe secret.txt data will be posted to attacker's account instead to that of the\nvictim.\n\n\nVulnerabilities\n---------------\n\n1. CWE-20: Improper Input Validation in Set-Cookie parsing [CVE-2018-0494]\n\nThe cookie parsing implementation does too lax input validation when parsing the\nSet-Cookie response from the server. Consider the following malicious response:\n\nHTTP/1.1 200 OK\nContent-Length: 0\nSet-Cookie: foo=\"bar\n .google.com TRUE / FALSE 1900000000 injected cookie\n \";expires=Thursday, 01-Jan-2032 08:00:00 GMT\n\n\nWhen parsed by Wget and stored to a cookie jar file it will appear as:\n\n# HTTP cookie file.\n# Generated by Wget on 2018-04-27 23:28:21.\n# Edit at your own risk.\n\n127.0.0.1:7777 FALSE / FALSE 1956556800 foo \"bar\n .google.com TRUE / FALSE 1900000000 injected cookie\n \"\n\nSince the Wget cookie jar parser skips any leading spaces, the .google.com line\nwill be picked up.\n\nNote: The order in which the hosts/domains are stored in the cookie jar is derived\nfrom the hashing function used to speed up the lookups. If an existing cookie is\nto be replaced the server hostname used to serve the Set-Cookie will need to be\ncarefully chosen to result in hash entry below the targeted domain. If not done,\nthe original cookie will be used instead of the injected one.\n\n\nProof of Concept\n----------------\n\n1. Set up a minimal web server, good for 1 request:\n $ echo -ne 'HTTP/1.1 200 OK\\r\\nContent-Length: 0\\r\\nSet-Cookie: \nfoo=\"bar\\r\\n\\x20.google.com\\tTRUE\\t/\\tFALSE\\t1900000000\\tinjected\\tcookie\\r\\n\\t\";expires=Thursday, 01-Jan-2032 08:00:00 \nGMT\\r\\n\\r\\n' | nc -v -l 7777\n\n2. Fetch the evil url:\n $ wget --save-cookies jar.txt http://127.0.0.1:7777/plop\n\n3. Examine the resulting cookie jar file:\n $ cat jar.txt\n\n\nVulnerable versions\n-------------------\n\nThe following GNU Wget versions are confirmed vulnerable:\n\n- 1.7 thru 1.19.4\n\n\nMitigation\n----------\n\n1. Upgrade to GNU Wget 1.19.5 or later, or to appropriate security updated package\n in your distribution\n\n\nCredits\n-------\n\nThe vulnerability was discovered by Harry Sintonen / F-Secure Corporation.\n\n\nTimeline\n--------\n\n2018.04.26 discovered & reported the vulnerability\n2018.04.27 CVE-2018-0494 assigned\n2018.05.06 GNU Wget 1.19.5 released with the fix\n2018.05.06 public disclosure of the advisory", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2018-05-24T14:20:33", "description": "GNU wget - Cookie Injection. CVE-2018-0494. Local exploit for Linux platform", "published": "2018-05-06T00:00:00", "type": "exploitdb", "title": "GNU wget - Cookie Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-0494"], "modified": "2018-05-06T00:00:00", "id": "EDB-ID:44601", "href": "https://www.exploit-db.com/exploits/44601/", "sourceData": "GNU Wget Cookie Injection [CVE-2018-0494]\r\n=========================================\r\nThe latest version of this advisory is available at:\r\nhttps://sintonen.fi/advisories/gnu-wget-cookie-injection.txt\r\n\r\n\r\nOverview\r\n--------\r\n\r\nGNU Wget is susceptible to a malicious web server injecting arbitrary cookies to\r\nthe cookie jar file.\r\n\r\n\r\nDescription\r\n-----------\r\n\r\nNormally a website should not be able to set cookies for other domains. Due to\r\ninsufficient input validation GNU Wget can be tricked into storing arbitrary cookie\r\nvalues to the cookie jar file, bypassing this security restriction.\r\n\r\n\r\nImpact\r\n------\r\n\r\nAn external attacker is able to inject arbitrary cookie values cookie jar file,\r\nadding new or replacing existing cookie values.\r\n\r\n\r\nDetails\r\n-------\r\n\r\nThe discovered vulnerability, described in more detail below, enables the attack\r\ndescribed here in brief.\r\n\r\n1. The attacker controlled web site sends a specially crafted Set-Cookie -header\r\n to inject a new authentication cookie for example.com, replacing the existing\r\n one. In order to be successful the victim must perform a wget operation on the\r\n attacker controller site, for example:\r\n wget --load-cookies jar.txt --save-cookies jar.txt https://evil.invalid\r\n2. Victim uses wget to post some secret the the api.example.com:\r\n wget --load-cookies jar.txt --post-file secret.txt https://example.com/upload\r\n\r\nSince the attacker was able to replace the authentication cookie for example.com,\r\nthe secret.txt data will be posted to attacker's account instead to that of the\r\nvictim.\r\n\r\n\r\nVulnerabilities\r\n---------------\r\n\r\n1. CWE-20: Improper Input Validation in Set-Cookie parsing [CVE-2018-0494]\r\n\r\nThe cookie parsing implementation does too lax input validation when parsing the\r\nSet-Cookie response from the server. Consider the following malicious response:\r\n\r\nHTTP/1.1 200 OK\r\nContent-Length: 0\r\nSet-Cookie: foo=\"bar\r\n .google.com TRUE / FALSE 1900000000 injected cookie\r\n \";expires=Thursday, 01-Jan-2032 08:00:00 GMT\r\n\r\n\r\nWhen parsed by Wget and stored to a cookie jar file it will appear as:\r\n\r\n# HTTP cookie file.\r\n# Generated by Wget on 2018-04-27 23:28:21.\r\n# Edit at your own risk.\r\n\r\n127.0.0.1:7777 FALSE / FALSE 1956556800 foo \"bar\r\n .google.com TRUE / FALSE 1900000000 injected cookie\r\n \"\r\n\r\nSince the Wget cookie jar parser skips any leading spaces, the .google.com line\r\nwill be picked up.\r\n\r\nNote: The order in which the hosts/domains are stored in the cookie jar is derived\r\nfrom the hashing function used to speed up the lookups. If an existing cookie is\r\nto be replaced the server hostname used to serve the Set-Cookie will need to be\r\ncarefully chosen to result in hash entry below the targeted domain. If not done,\r\nthe original cookie will be used instead of the injected one.\r\n\r\n\r\nProof of Concept\r\n----------------\r\n\r\n1. Set up a minimal web server, good for 1 request:\r\n $ echo -ne 'HTTP/1.1 200 OK\\r\\nContent-Length: 0\\r\\nSet-Cookie: \r\nfoo=\"bar\\r\\n\\x20.google.com\\tTRUE\\t/\\tFALSE\\t1900000000\\tinjected\\tcookie\\r\\n\\t\";expires=Thursday, 01-Jan-2032 08:00:00 \r\nGMT\\r\\n\\r\\n' | nc -v -l 7777\r\n\r\n2. Fetch the evil url:\r\n $ wget --save-cookies jar.txt http://127.0.0.1:7777/plop\r\n\r\n3. Examine the resulting cookie jar file:\r\n $ cat jar.txt\r\n\r\n\r\nVulnerable versions\r\n-------------------\r\n\r\nThe following GNU Wget versions are confirmed vulnerable:\r\n\r\n- 1.7 thru 1.19.4\r\n\r\n\r\nMitigation\r\n----------\r\n\r\n1. Upgrade to GNU Wget 1.19.5 or later, or to appropriate security updated package\r\n in your distribution\r\n\r\n\r\nCredits\r\n-------\r\n\r\nThe vulnerability was discovered by Harry Sintonen / F-Secure Corporation.\r\n\r\n\r\nTimeline\r\n--------\r\n\r\n2018.04.26 discovered & reported the vulnerability\r\n2018.04.27 CVE-2018-0494 assigned\r\n2018.05.06 GNU Wget 1.19.5 released with the fix\r\n2018.05.06 public disclosure of the advisory", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44601/"}], "slackware": [{"lastseen": "2020-10-25T16:36:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0494"], "description": "New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/wget-1.19.5-i586-1_slack14.2.txz: Upgraded.\n Fixed a security issue where a malicious web server could inject arbitrary\n cookies into the cookie jar file.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0494\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/wget-1.19.5-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/wget-1.19.5-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/wget-1.19.5-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/wget-1.19.5-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/wget-1.19.5-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/wget-1.19.5-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wget-1.19.5-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wget-1.19.5-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wget-1.19.5-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wget-1.19.5-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wget-1.19.5-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wget-1.19.5-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wget-1.19.5-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wget-1.19.5-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n99ecfce2e37284f1c6fda1bb6c361626 wget-1.19.5-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n88f90830a0e84098f108f570aaa2fbe9 wget-1.19.5-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n3a7ef48cb111bbf5dbe97ecc7eb234fc wget-1.19.5-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n857b8c1f7c9b483e68b319ff5ab4f06f wget-1.19.5-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n43a3a226d1d81f2326fae5627030c0f9 wget-1.19.5-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\na8914d8dbd714aeffdcdc08dcbe33004 wget-1.19.5-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n50280949b5a4a3dc3572aeb05916b6e0 wget-1.19.5-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nfa816d894bc0a1d59ea7d8438942e2ae wget-1.19.5-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n158ed137440fab2b580f96cc79e00ef0 wget-1.19.5-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\na99bae315db17913fe7af1413f0ae41d wget-1.19.5-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n25ca08372a4536cd4b5dd6495ab654b4 wget-1.19.5-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n5ee02928aab549c7f57996df017ad2d8 wget-1.19.5-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n0cbf10e6eef10a6614fd4fdcc4b4e4cf n/wget-1.19.5-i586-1.txz\n\nSlackware x86_64 -current package:\n41a908b2ef8f6c82f4cf59b1ec3fc0e3 n/wget-1.19.5-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg wget-1.19.5-i586-1_slack14.2.txz", "modified": "2018-05-10T01:30:09", "published": "2018-05-10T01:30:09", "id": "SSA-2018-129-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.533566", "type": "slackware", "title": "[slackware-security] wget", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-11-21T23:29:23", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822", "CVE-2018-20483"], "description": "[7.61.1-11]\n- rebuild with updated annobin to prevent Execshield RPMDiff check from failing\n[7.61.1-10]\n- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n- fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n- fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890)\n- xattr: strip credentials from any URL that is stored (CVE-2018-20483)\n[7.61.1-9]\n- do not let libssh create a new socket for SCP/SFTP (#1669156)", "edition": 1, "modified": "2019-11-14T00:00:00", "published": "2019-11-14T00:00:00", "id": "ELSA-2019-3701", "href": "http://linux.oracle.com/errata/ELSA-2019-3701.html", "title": "curl security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:09:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13089", "CVE-2017-13090", "CVE-2018-0494"], "description": "[1.14-18]\n- Fix CVE-2018-0494 (#1576106)\n[1.14-17]\n- Fix segfault when Digest Authentication header is missing 'qop' part (#1545310)\n[1.14-16]\n- Fixed various security flaws (CVE-2017-13089, CVE-2017-13090)", "edition": 3, "modified": "2018-11-05T00:00:00", "published": "2018-11-05T00:00:00", "id": "ELSA-2018-3052", "href": "http://linux.oracle.com/errata/ELSA-2018-3052.html", "title": "wget security and bug fix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
