Vulnerabilities > CVE-2009-3490 - Cryptographic Issues vulnerability in GNU Wget

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

gnu

CWE-310

nessus

NVD

Published: 2009-09-30

Updated: 2017-09-19

Summary

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Wget 1.5.3 GNU Wget 1.6 GNU Wget 1.7 GNU Wget 1.7.1 GNU Wget 1.8 GNU Wget 1.8.1 GNU Wget 1.9 GNU Wget 1.9.1 GNU Wget 1.10 GNU Wget 1.10.1 GNU Wget 1.10.2 GNU Wget 1.11 GNU Wget 1.11.1 GNU Wget 1.11.2 GNU Wget 1.11.3 GNU Wget - GNU Wget 1.4.0 GNU Wget 1.4.1 GNU Wget 1.4.2 GNU Wget 1.4.3 GNU Wget 1.5.0 GNU Wget 1.8.2 GNU Wget 1.11.4	23

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2009-1549.NASL
description	An updated wget package that fixes a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP. Daniel Stenberg reported that Wget is affected by the previously published
last seen	2020-06-01
modified	2020-06-02
plugin id	67069
published	2013-06-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67069
title	CentOS 3 / 4 / 5 : wget (CESA-2009:1549)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20091103_WGET_ON_SL3_X.NASL
description	CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name Daniel Stenberg reported that Wget is affected by the previously published
last seen	2020-06-01
modified	2020-06-02
plugin id	60690
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60690
title	Scientific Linux Security Update : wget on SL3.x, SL4.x, SL5.x i386/x86_64

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200910-01.NASL
description	The remote host is affected by the vulnerability described in GLSA-200910-01 (Wget: Certificate validation error) The vendor reported that Wget does not properly handle Common Name (CN) fields in X.509 certificates that contain an ASCII NUL (\\0) character. Specifically, the processing of such fields is stopped at the first occurrence of a NUL character. This type of vulnerability was recently discovered by Dan Kaminsky and Moxie Marlinspike. Impact : A remote attacker might employ a specially crafted X.509 certificate, containing a NUL character in the Common Name field to conduct man-in-the-middle attacks on SSL connections made using Wget. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	42197
published	2009-10-22
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42197
title	GLSA-200910-01 : Wget: Certificate validation error

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_125215-05.NASL
description	SunOS 5.10: wget patch. Date this patch was last updated by Sun : Jan/19/15
last seen	2020-06-01
modified	2020-06-02
plugin id	107421
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107421
title	Solaris 10 (sparc) : 125215-05

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-11836.NASL
description	- Wed Nov 18 2009 Karsten Hopp <karsten at redhat.com> 1.12-2 - don
last seen	2020-06-01
modified	2020-06-02
plugin id	42988
published	2009-12-03
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/42988
title	Fedora 12 : wget-1.12-2.fc12 (2009-11836)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_125215-04.NASL
description	SunOS 5.10: wget patch. Date this patch was last updated by Sun : Apr/15/11
last seen	2020-06-01
modified	2020-06-02
plugin id	107420
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107420
title	Solaris 10 (sparc) : 125215-04

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_125215-08.NASL
description	SunOS 5.10: wget patch. Date this patch was last updated by Sun : Oct/14/19
last seen	2020-06-01
modified	2020-06-02
plugin id	129871
published	2019-10-15
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129871
title	Solaris 10 (sparc) : 125215-08

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-206.NASL
description	A vulnerability has been found and corrected in wget : GNU Wget before 1.12 does not properly handle a
last seen	2020-06-01
modified	2020-06-02
plugin id	40638
published	2009-08-20
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40638
title	Mandriva Linux Security Advisory : wget (MDVSA-2009:206-1)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_125216-04.NASL
description	SunOS 5.10_x86: wget patch. Date this patch was last updated by Sun : Apr/15/11
last seen	2020-06-01
modified	2020-06-02
plugin id	107922
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107922
title	Solaris 10 (x86) : 125216-04

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-11739.NASL
description	- Wed Nov 18 2009 Karsten Hopp <karsten at redhat.com> 1.12-2 - don
last seen	2020-06-01
modified	2020-06-02
plugin id	42986
published	2009-12-03
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/42986
title	Fedora 10 : wget-1.12-2.fc10 (2009-11739)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1904.NASL
description	Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using HTTP(S) and FTP, is vulnerable to the
last seen	2020-06-01
modified	2020-06-02
plugin id	44769
published	2010-02-24
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/44769
title	Debian DSA-1904-1 : wget - insufficient input validation

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-1549.NASL
description	From Red Hat Security Advisory 2009:1549 : An updated wget package that fixes a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP. Daniel Stenberg reported that Wget is affected by the previously published
last seen	2020-06-01
modified	2020-06-02
plugin id	67954
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67954
title	Oracle Linux 3 / 4 / 5 : wget (ELSA-2009-1549)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_125215.NASL
description	SunOS 5.10: wget patch. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 125215 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	42970
published	2009-12-02
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=42970
title	Solaris 10 (sparc) : 125215-07 (deprecated)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_125216-08.NASL
description	SunOS 5.10_x86: wget patch. Date this patch was last updated by Sun : Oct/14/19
last seen	2020-06-01
modified	2020-06-02
plugin id	129875
published	2019-10-15
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129875
title	Solaris 10 (x86) : 125216-08

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_125215-07.NASL
description	SunOS 5.10: wget patch. Date this patch was last updated by Sun : Sep/15/16
last seen	2020-06-01
modified	2020-06-02
plugin id	107422
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107422
title	Solaris 10 (sparc) : 125215-07

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_125216-05.NASL
description	SunOS 5.10_x86: wget patch. Date this patch was last updated by Sun : Jan/19/15
last seen	2020-06-01
modified	2020-06-02
plugin id	107923
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107923
title	Solaris 10 (x86) : 125216-05

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-11740.NASL
description	- Wed Nov 18 2009 Karsten Hopp <karsten at redhat.com> 1.12-2 - don
last seen	2020-06-01
modified	2020-06-02
plugin id	42987
published	2009-12-03
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/42987
title	Fedora 11 : wget-1.12-2.fc11 (2009-11740)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_125216.NASL
description	SunOS 5.10_x86: wget patch. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 125216 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	42971
published	2009-12-02
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=42971
title	Solaris 10 (x86) : 125216-07 (deprecated)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1549.NASL
description	An updated wget package that fixes a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP. Daniel Stenberg reported that Wget is affected by the previously published
last seen	2020-06-01
modified	2020-06-02
plugin id	42359
published	2009-11-04
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/42359
title	RHEL 3 / 4 / 5 : wget (RHSA-2009:1549)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_125216-07.NASL
description	SunOS 5.10_x86: wget patch. Date this patch was last updated by Sun : Sep/15/16
last seen	2020-06-01
modified	2020-06-02
plugin id	107924
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107924
title	Solaris 10 (x86) : 125216-07

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-842-1.NASL
description	It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	42050
published	2009-10-07
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/42050
title	Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : wget vulnerability (USN-842-1)

Oval

accepted

2013-04-29T04:11:30.659-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:11099

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	520454
title	CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025
comment wget is earlier than 0:1.10.2-1.el4_8.1
oval oval:com.redhat.rhsa:tst:20091549001
comment wget is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20091549002

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment wget is earlier than 0:1.11.4-2.el5_4.1
oval oval:com.redhat.rhsa:tst:20091549004
comment wget is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20091549005

rhsa

id	RHSA-2009:1549
released	2009-11-03
severity	Moderate
title	RHSA-2009:1549: wget security update (Moderate)

rpms

wget-0:1.10.2-0.30E.1
wget-0:1.10.2-1.el4_8.1
wget-0:1.11.4-2.el5_4.1
wget-debuginfo-0:1.10.2-0.30E.1
wget-debuginfo-0:1.10.2-1.el4_8.1
wget-debuginfo-0:1.11.4-2.el5_4.1

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 36205 CVE(CAN) ID: CVE-2009-3490 Wget是可使用HTTP、HTTPS和FTP协议的文件检索工具。 Wget没有正确地处理X.509证书主题通用名称（CN）字段域名中的空字符（\0），在处理包含有空字符的证书字段时错误地将空字符处理为截止字符，因此只会验证空字符前的部分。例如，对于类似于以下的名称： example.com\0.haxx.se 证书是发布给haxx.se的，但Wget错误的验证给example.com，这有助于攻击者通过中间人攻击执行网络钓鱼等欺骗。 Micah Cowan Wget < 1.12 厂商补丁： RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2009:1549-01）以及相应补丁: RHSA-2009:1549-01：Moderate: wget security update 链接：https://www.redhat.com/support/errata/RHSA-2009-1549.html Micah Cowan ----------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7
id	SSV:12579
last seen	2017-11-19
modified	2009-11-05
published	2009-11-05
reporter	Root
title	Wget CA SSL畸形证书验证漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

Seebug

References