LinuxSecurity.com
Ubuntu: Wget vulnerability
Posted by Benjamin D. Thomas   
It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
===========================================================
Ubuntu Security Notice USN-842-1           October 06, 2009
wget vulnerability
CVE-2009-3490
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  wget                            1.10.2-1ubuntu1.1

Ubuntu 8.04 LTS:
  wget                            1.10.2-3ubuntu1.1

Ubuntu 8.10:
  wget                            1.11.4-1ubuntu1.1

Ubuntu 9.04:
  wget                            1.11.4-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Wget did not correctly handle SSL certificates with
zero bytes in the Common Name. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications.
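
The class of flaw described above, shown as an added example (not code from
Wget or from the Ubuntu patch): a certificate name is length-delimited, so a
check that treats it as a C string stops at the first zero byte. The function
names and sample names below are hypothetical and constructed for
illustration; wildcard matching is deliberately left out.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample names (not taken from the advisory). In a certificate
   the Common Name is stored with an explicit length and may contain 0x00. */
static const char SAMPLE_BAD[] = "www.example.com\0.untrusted.test";
static const char SAMPLE_OK[]  = "www.example.com";

/* Flawed pattern: the encoded length is ignored and the CN is compared as a
   C string, so everything after the first zero byte is silently dropped.
   (Assumes the buffer is NUL-terminated, as the samples above are.) */
static int cn_matches_naive(const char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;
    return strcasecmp(cn, host) == 0;
}

/* Hardened pattern: refuse any CN with an embedded zero byte, then compare
   exactly cn_len bytes against a host name of the same length. */
static int cn_matches_strict(const char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                      /* embedded NUL: reject certificate */
    if (cn_len != strlen(host))
        return 0;                      /* lengths must agree */
    return strncasecmp(cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    size_t bad_len = sizeof SAMPLE_BAD - 1;   /* full encoded length */
    size_t ok_len  = sizeof SAMPLE_OK - 1;

    printf("naive,  CN with zero byte: %d\n",
           cn_matches_naive(SAMPLE_BAD, bad_len, host));
    printf("strict, CN with zero byte: %d\n",
           cn_matches_strict(SAMPLE_BAD, bad_len, host));
    printf("strict, clean CN:          %d\n",
           cn_matches_strict(SAMPLE_OK, ok_len, host));
    return 0;
}
```

The naive check accepts the name containing a zero byte as a match for
www.example.com, while the strict check rejects it and still accepts the
clean name.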

