exploit the possibilities

Debian Security Advisory 4195-1

Debian Security Advisory 4195-1
Posted May 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-0494
MD5 | 0a8ebefedcc50cb36f81573bebaba542

Debian Security Advisory 4195-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4195-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 08, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wget
CVE ID : CVE-2018-0494
Debian Bug : 898076

Harry Sintonen discovered that wget, a network utility to retrieve files
from the web, does not properly handle '\r\n' from continuation lines
while parsing the Set-Cookie HTTP header. A malicious web server could
use this flaw to inject arbitrary cookies to the cookie jar file, adding
new or replacing existing cookie values.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.16-1+deb8u5.

For the stable distribution (stretch), this problem has been fixed in
version 1.18-5+deb9u2.

We recommend that you upgrade your wget packages.

For the detailed security status of wget please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/wget

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrxemlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0ThxQ/9FYza3/uH04QOLtluPk5H60uqOsbt2fza1vkZ+7xx3TzD72Ekge72F+j/
iexJmwe8HKLO7na27k2aIhR5abdUjhKjhM8NCwX/0Va6AJpO+5P98mbMQ+gMO/01
imwVtCJNT/bk0/nwbj6vJFzkG0NC1V7Y4v7/fnccChkvehgql82FtDT6FK0vmVpg
X2NVuDahvtUEuA4bSeqD5DUVLzRbLtZsC0iLMqaRDoeVQVQ50ZLXWOZU02SVwg5v
xtoqdGANxNRBceQ9n2SfaDnJFZD/oBbMdg6if5/jJdfZUKQMs2PQmOMgOzItHEnj
Zw5btNdyhqYs7aPAYjWpapWkvEN1cZfI+/s8vAuiLO9F5i1u8ffLWekU+5vPQboG
2kzZJewyT6I9ngh28z+jlorGQrAiAE7XhUqUAORBX/gY0EyORLm0476BIUlyl8Xe
KdKc9IHGaPAF8HlS46FGfMCmEPO+Ad8YUV+m3GPjCuLSfvvHZ0X35saESKW09qOo
pN2i3O8mkWzoH79qcOubuekyf79xcov1dS/SZgTD3K+ExQAwjOIHHTK82N9jfjtC
WyB/x0DKe5gc81kdSwf8plj47WEy6Y1mIZwtbEqJRbxSMuEGvNWwv0Onxp7tnoeB
I+CDhRHrJAmYQTaIpz3MaxoLEFpFtQ34+eo52QUyzvcv/mas+ug=
=vQ4n
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    3 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close