===================================================================== CERT-Renater Note d'Information No. 2005/VULN370 _____________________________________________________________________ DATE : 10/06/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running wget. ====================================================================== _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: wget Advisory ID: MDKSA-2005:098 Date: June 9th, 2005 Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________ Problem Description: Two vulnerabilities were found in wget. The first is that an HTTP redirect statement could be used to do a directory traversal and write to files outside of the current directory. The second is that HTTP redirect statements could be used to overwrite dot ('.') files, potentially overwriting the user's configuration files (such as .bashrc, etc.). The updated packages have been patched to help address these problems by replacing dangerous directories and filenames containing the dot ('.') character with an underscore ('_') character. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1487 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1488 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: e61a21190da94a75eaaf083eb894dd3e 10.0/RPMS/wget-1.9.1-4.1.100mdk.i586.rpm 368f43f3ff9dbbe4502e84a38bac5786 10.0/SRPMS/wget-1.9.1-4.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64: cf379f576b75dee53b747897bfe89c03 amd64/10.0/RPMS/wget-1.9.1-4.1.100mdk.amd64.rpm 368f43f3ff9dbbe4502e84a38bac5786 amd64/10.0/SRPMS/wget-1.9.1-4.1.100mdk.src.rpm Mandrakelinux 10.1: d182df118b7e9ade64b77983dff47fc4 10.1/RPMS/wget-1.9.1-4.2.101mdk.i586.rpm 91f8cbb93a4453a68c13bd12620e3e4e 10.1/SRPMS/wget-1.9.1-4.2.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 64827a4a355d106a477cb4b5bcf882cb x86_64/10.1/RPMS/wget-1.9.1-4.2.101mdk.x86_64.rpm 91f8cbb93a4453a68c13bd12620e3e4e x86_64/10.1/SRPMS/wget-1.9.1-4.2.101mdk.src.rpm Mandrakelinux 10.2: 99aa2d3e18afa3e7ef1d3b746b70e431 10.2/RPMS/wget-1.9.1-5.1.102mdk.i586.rpm fdf0fdde2c0d220c7b9cf755c3a28a98 10.2/SRPMS/wget-1.9.1-5.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: d6793d9ab06478949aa9bb75aa216138 x86_64/10.2/RPMS/wget-1.9.1-5.1.102mdk.x86_64.rpm fdf0fdde2c0d220c7b9cf755c3a28a98 x86_64/10.2/SRPMS/wget-1.9.1-5.1.102mdk.src.rpm Corporate Server 2.1: e058c63a097aadc247458e54e092c03a corporate/2.1/RPMS/wget-1.8.2-3.2.C21mdk.i586.rpm f45e8a97e6d535fc27d0053813959145 corporate/2.1/SRPMS/wget-1.8.2-3.2.C21mdk.src.rpm Corporate Server 2.1/X86_64: 89ae60b0b75411c6abb5774795f09af0 x86_64/corporate/2.1/RPMS/wget-1.8.2-3.2.C21mdk.x86_64.rpm f45e8a97e6d535fc27d0053813959145 x86_64/corporate/2.1/SRPMS/wget-1.8.2-3.2.C21mdk.src.rpm Corporate 3.0: bcf947efa32f9ce531077faf5e470e98 corporate/3.0/RPMS/wget-1.9.1-4.2.C30mdk.i586.rpm ab34a60ca4ebf44d2e02988e19df5929 corporate/3.0/SRPMS/wget-1.9.1-4.2.C30mdk.src.rpm Corporate 3.0/X86_64: 66190c6d61c180ec8a3bc8592ca55da6 x86_64/corporate/3.0/RPMS/wget-1.9.1-4.2.C30mdk.x86_64.rpm ab34a60ca4ebf44d2e02988e19df5929 x86_64/corporate/3.0/SRPMS/wget-1.9.1-4.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================