Description:
The remote host is missing an update to wget announced via advisory USN-205-1.
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog), Ubuntu 5.04 (Hoary Hedgehog), Ubuntu 5.10 (Breezy Badger)
The following packages are affected: libcurl2, libcurl3, wget
A buffer overflow has been found in the NTLM authentication handler of the Curl library and wget. By tricking a user or an automated system that uses the Curl library, the curl application, or wget into visiting a specially crafted web site, a remote attacker could exploit this to execute arbitrary code with the privileges of the calling user.
The Ubuntu 4.10 and 5.04 versions of wget are not affected by this.
Solution: The problem can be corrected by upgrading the affected package to the following versions:
Ubuntu 4.10: libcurl2 7.12.0.is.7.11.2-1ubuntu0.2
Ubuntu 5.04: libcurl2 1:7.11.2-12ubuntu3.2, libcurl3 7.12.3-2ubuntu3.2
Ubuntu 5.10: libcurl3 7.14.0-2ubuntu1.1, wget 1.10-2ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes. However, if you have the Apache web server installed, you need to restart it with
sudo /etc/init.d/apache2 restart
to make sure that Apache uses the updated Curl library.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-205-1
Risk factor: High
CVSS Score: 7.5