Twenty Year Anniversary
Showing 1 - 4 of 4 RSS Feed

CVE-2017-13089

Status Candidate

Overview

The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.

Related Files

Gentoo Linux Security Advisory 201711-06
Posted Nov 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-6 - Multiple vulnerabilities have been found in Wget, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 1.19.1-r2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-13089, CVE-2017-13090
MD5 | f303910659d3e44a1267a9b40588c5e8
Slackware Security Advisory - wget Updates
Posted Nov 1, 2017
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2017-13089, CVE-2017-13090
MD5 | bac6e0ae7ad74eb2a7081c8647a3243d
Red Hat Security Advisory 2017-3075-01
Posted Oct 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3075-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2017-13089, CVE-2017-13090
MD5 | 7d115b485d60dc7866ad086a046a7a19
Ubuntu Security Notice USN-3464-1
Posted Oct 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3464-1 - Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7098, CVE-2017-13089, CVE-2017-13090, CVE-2017-6508
MD5 | b3402a151ba7a6e7336cccf6555e8d39
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    2 Files
  • 23
    Apr 23rd
    17 Files
  • 24
    Apr 24th
    36 Files
  • 25
    Apr 25th
    15 Files
  • 26
    Apr 26th
    31 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close