Test ID:	1.3.6.1.4.1.25623.1.0.843351
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3464-1)
Summary:	The remote host is missing an update for the 'wget' package(s) announced via the USN-3464-1 advisory.
Description:	Summary: The remote host is missing an update for the 'wget' package(s) announced via the USN-3464-1 advisory. Vulnerability Insight: Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090) Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098) Orange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. A remote attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2017-6508) Affected Software/OS: 'wget' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.04, Ubuntu 17.10. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7098 40824 https://www.exploit-db.com/exploits/40824/ 93157 http://www.securityfocus.com/bid/93157 [bug-wget] 20160814 Wget - acess list bypass / race condition PoC http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.html [bug-wget] 20160824 Re: Wget - acess list bypass / race condition PoC http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.html [debian-lts-announce] 20200129 [SECURITY] [DLA 2086-1] wget security update https://lists.debian.org/debian-lts-announce/2020/01/msg00031.html [oss-security] 20160827 Re: CVE Request - Gnu Wget 1.17 - Design Error Vulnerability http://www.openwall.com/lists/oss-security/2016/08/27/2 openSUSE-SU-2016:2284 http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html openSUSE-SU-2017:0015 http://lists.opensuse.org/opensuse-updates/2017-01/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2017-13089 BugTraq ID: 101592 http://www.securityfocus.com/bid/101592 Debian Security Information: DSA-4008 (Google Search) http://www.debian.org/security/2017/dsa-4008 https://security.gentoo.org/glsa/201711-06 https://github.com/r1b/CVE-2017-13089 https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html RedHat Security Advisories: RHSA-2017:3075 https://access.redhat.com/errata/RHSA-2017:3075 http://www.securitytracker.com/id/1039661 Common Vulnerability Exposure (CVE) ID: CVE-2017-13090 BugTraq ID: 101590 http://www.securityfocus.com/bid/101590 Common Vulnerability Exposure (CVE) ID: CVE-2017-6508 BugTraq ID: 96877 http://www.securityfocus.com/bid/96877 https://security.gentoo.org/glsa/201706-16 http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.