AusCERT - ESB-2002.701 -- Debian Security Advisory DSA-209-1 -- Two wget problems

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ESB-2002.701 -- Debian Security Advisory DSA-209-1 -- Two wget problems
Date: 13 December 2002
References: ESB-2002.695

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2002.701 -- Debian Security Advisory DSA-209-1
                             Two wget problems
                             13 December 2002

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                wget
Vendor:                 Debian
Operating System:       Debian GNU/Linux 2.2
                        Debian GNU/Linux 3.0
                        Linux
                        UNIX
Impact:                 Denial of Service
                        Overwrite Arbitrary Files
Access Required:        Remote

Ref:                    ESB-2002.695

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-209-1                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
December 12, 2002
- - ------------------------------------------------------------------------


Package        : wget
Problem type   : directory traversal
                 buffer overflow
Debian-specific: no
CVEs           : CAN-2002-1344

Two problems have been found in the wget package as distributed in
Debian GNU/Linux:

* Stefano Zacchiroli found a buffer overrun in the url_filename function,
  which would make wget segfault on very long URLs

* Steven M. Christey discovered that wget did not verify the FTP server
  response to a NLST command: it must not contain any directory information,
  since that can be used to make a FTP client overwrite arbitrary files.

Both problems have been fixed in version 1.5.3-3.1 for Debian GNU/Linux
2.2/potato and version 1.8.1-6.1 for Debian GNU/Linux 3.0/woody.

- - ------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

- - ------------------------------------------------------------------------


Debian GNU/Linux 2.2 alias potato
- - ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:

    http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1.diff.gz
      Size/MD5 checksum:    75231 61d99d8ab75b95cd9fa2459e74182a50
    http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3.orig.tar.gz
      Size/MD5 checksum:   446966 47680b25bf893afdb0c43b24e3fc2fd6
    http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1.dsc
      Size/MD5 checksum:     1163 9eb3c57aa94d74e3c6e4097b5d941563

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_alpha.deb
      Size/MD5 checksum:   249228 0eedd7487056460a8de93ea2ed3402f2

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_arm.deb
      Size/MD5 checksum:   233342 9a57b21e6611b46b3991bb38e75dbd08

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_i386.deb
      Size/MD5 checksum:   227812 fc7c576836d26cebc397c07f3bbd1488

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_m68k.deb
      Size/MD5 checksum:   224820 b967f1e1b960be2fce3fb2cae55b6710

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_powerpc.deb
      Size/MD5 checksum:   234646 48b138d481cebbe85b437d82b63285b7

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_sparc.deb
      Size/MD5 checksum:   235500 631874205d8d85378555387209a9db37


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. An update for mipsel is not available at this
  moment.


  Source archives:

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1.orig.tar.gz
      Size/MD5 checksum:  1097780 6ca8e939476e840f0ce69a3b31c13060
    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1.diff.gz
      Size/MD5 checksum:     9939 69f96b6608e043e0d781061a22e90169
    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1.dsc
      Size/MD5 checksum:     1217 97af60040e8d7a2cd538d18a5120cd87

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_alpha.deb
      Size/MD5 checksum:   364338 aeade9ab45904c8b6c64fcdb5934576e

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_arm.deb
      Size/MD5 checksum:   335972 dfe4085e95fd53be9821d1b33d79d134

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_hppa.deb
      Size/MD5 checksum:   355790 32dd606c8dc5b3d3fc8000519009de4e

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_i386.deb
      Size/MD5 checksum:   332394 afc976eaaf4cd416f8eedd347d18367b

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_ia64.deb
      Size/MD5 checksum:   393540 efb82eb46927b657fa8e2706f475bf53

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_m68k.deb
      Size/MD5 checksum:   327236 60f0449f6d0a3b4ff76beb59f1e762d0

  mips architecture (MIPS (Big Endian))

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_mips.deb
      Size/MD5 checksum:   348676 af79ba0f16b12678594f15bdf49325b9

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_powerpc.deb
      Size/MD5 checksum:   341130 0d67a5f9b284e2088847935901333888

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_s390.deb
      Size/MD5 checksum:   336118 c731e21474d3965c851fcb3921abe979

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_sparc.deb
      Size/MD5 checksum:   340978 3ba4e8cdf1c96b5ba5fd7d52316d73e2


- - -- 
- - ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9+RJlPLiSUC+jvC0RAnSOAJ9UeoSbNwMPx4xsQO4dEr0Ar8qd3wCgiWrx
gyXn7nvTNmu6BDdl/5rgf7A=
=A2Da
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author\'s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBPfnffCh9+71yA2DNAQENJwP/RMJ7TGnCSK2BwuuF9kZVHrLfYlrEixeV
YTz1sd17v18uYwBPhJn3CNeokoCUOeBDxo/nUcwMYRpZd3PkFdxZ9wIf1qUOyo5h
b+FDP1aOYFSd++a+Ez/jBBz0WYpMPz42FwudiwV2zobPACSKO1bR/W5+lEYvC0Uq
TTBYePFNwYc=
=SJqJ
-----END PGP SIGNATURE-----