Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:098: wget Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the wget package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:098 (wget).
Two vulnerabilities were found in wget. The first is that an HTTP redirect
statement could be used to do a directory traversal and write to files outside
of the current directory. The second is that HTTP redirect statements could be
used to overwrite dot ('.') files, potentially overwriting the user's
configuration files (such as .bashrc, etc.).
The updated packages have been patched to help address these problems by
replacing dangerous directories and filenames containing the dot ('.')
character with an underscore ('_') character.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:098
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.