漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that Wget incorrectly handled certain HTTP responses.
It was discovered that Wget incorrectly handled recursive or mirroring mode.
It was discovered that Wget incorrectly handled CRLF sequences in HTTP headers.
漏洞危害
A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)
A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098)
A remote attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2017-6508)
解决方案
Refer to Ubuntu advisory USN-3464-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3464-1: 16.04 (Xenial) on src (wget)
USN-3464-1: 17.10 (artful) on src (wget)
0daybank
文章评论