Vulnerabilities > CVE-2002-1565 - Denial-Of-Service vulnerability in Immunix 7

CVSS 7.5 - HIGH (CVSS v2 base score, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
immunix
nessus

Summary

Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.

Vulnerable Configurations

Part Description Count
Application
Immunix
1

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-209.NASL
    description: Two problems have been found in the wget package as distributed in Debian GNU/Linux : - Stefano Zacchiroli found a buffer overrun in the url_filename function, which would make wget segfault on very long URLs - Steven M. Christey discovered that wget did not verify the FTP server response to a NLST command: it must not contain any directory information, since that can be used to make an FTP client overwrite arbitrary files. Both problems have been fixed in version 1.5.3-3.1 for Debian GNU/Linux 2.2/potato and version 1.8.1-6.1 for Debian GNU/Linux 3.0/woody.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15046
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15046
    title: Debian DSA-209-1 : wget - directory traversal
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-209. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, only the plugin metadata
    # below is declared and the script leaves through the exit(0) at the end of
    # this block, so none of the host checks further down run in this mode.
    if (description)
    {
      script_id(15046);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      # One plugin, two CVEs. The advisory text below describes a url_filename
      # buffer overrun and an unchecked FTP NLST response; which CVE id maps to
      # which issue is not stated in this script -- confirm against the advisory.
      # A finding from this plugin therefore does not say which issue applies.
      script_cve_id("CVE-2002-1344", "CVE-2002-1565");
      script_bugtraq_id(6352);
      script_xref(name:"DSA", value:"209");
    
      # The title names only the directory traversal; the buffer overrun is
      # covered by the same package-version check.
      script_name(english:"Debian DSA-209-1 : wget - directory traversal");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Multi-line string literal: keep it untouched when editing, since the
      # line breaks and leading spaces sit inside the quotes.
      script_set_attribute(
        attribute:"description", 
        value:
    "Two problems have been found in the wget package as distributed in
    Debian GNU/Linux :
    
      - Stefano Zacchiroli found a buffer overrun in the
        url_filename function, which would make wget segfault on
        very long URLs
      - Steven M. Christey discovered that wget did not verify
        the FTP server response to a NLST command: it must not
        contain any directory information, since that can be
        used to make an FTP client overwrite arbitrary files.
    
    Both problems have been fixed in version 1.5.3-3.1 for Debian
    GNU/Linux 2.2/potato and version 1.8.1-6.1 for Debian GNU/Linux
    3.0/woody."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2002/dsa-209"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected wget package.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact. It is set once for
      # the whole plugin, so it is not specific to either of the two CVEs.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: E:U = exploitability unproven, RL:OF = official
      # fix available, RC:C = report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the verdict is derived from data collected on the host (see the
      # required KB keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Affected package, plus the two Debian releases that the check logic after
      # this block compares against (2.2 and 3.0).
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wget");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2002/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/12");
      script_end_attributes();
    
      # Information-gathering category; the script body only reads KB data.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      # Declares ssh_get_info.nasl as a dependency and three KB keys as required.
      # Presumably that dependency populates the keys -- it is not shown here.
      # The same three keys are re-checked at run time after this block.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      # Stop here in registration mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions. Each guard hands off to audit() (defined in audit.inc, not
    # shown here; presumably it ends the script) when a required KB item is
    # missing: local checks enabled, a Debian release string, and the dpkg list.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/Debian/release"))
    {
      audit(AUDIT_OS_NOT, "Debian");
    }
    if (!get_kb_item("Host/Debian/dpkg-l"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    
    # Package-version check, one deb_check() call per Debian release named in the
    # advisory. Both calls are always made (no short-circuit), because the report
    # text fetched later via deb_report_get() is presumably accumulated by them.
    # NOTE(review): this compares package versions only; it does not exercise the
    # url_filename or NLST code paths, so a wget installed outside dpkg is not
    # evaluated. A hit covers both CVEs listed in the metadata without
    # distinguishing between them.
    flag = 0;
    if (deb_check(release:"2.2", prefix:"wget", reference:"1.5.3-3.1"))
    {
      flag++;
    }
    if (deb_check(release:"3.0", prefix:"wget", reference:"1.8.1-6.1"))
    {
      flag++;
    }
    
    # No hit on either release: record the host as not affected. Otherwise raise
    # the finding on port 0, attaching the package report only when
    # report_verbosity is above zero.
    if (!flag)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:deb_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2003-372.NASL
    description: Updated wget packages that correct a buffer overrun are now available. GNU Wget is a file-retrieval utility that uses the HTTP and FTP protocols. A buffer overflow in the url_filename function for wget 1.8.1 allows attackers to cause a segmentation fault via a long URL. Red Hat does not believe that this issue is exploitable to allow an attacker to be able to run arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1565 to this issue. Users of wget should install the erratum package, which contains a backported security patch and is not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12436
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12436
    title: RHEL 2.1 : wget (RHSA-2003:372)

Redhat

advisories
rhsa
id: RHSA-2003:372