7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.7%
CentOS Errata and Security Advisory CESA-2005:830
GNU Wget is a file retrieval utility that can use either the HTTP or
FTP protocols.
A stack based buffer overflow bug was found in the wget implementation of
NTLM authentication. An attacker could execute arbitrary code on a user’s
machine if the user can be tricked into connecting to a malicious web
server using NTLM authentication. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2005-3185 to this issue.
All users of wget are advised to upgrade to these updated packages, which
contain a backported patch that resolves this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-November/074514.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074516.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074519.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074520.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074532.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074533.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074535.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074536.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074537.html
https://lists.centos.org/pipermail/centos-announce/2005-November/074538.html
Affected packages:
openssl096b
wget
Upstream details at:
https://access.redhat.com/errata/RHSA-2005:812
https://access.redhat.com/errata/RHSA-2005:830
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | openssl096b | < 0.9.6b-22.42 | openssl096b-0.9.6b-22.42.ia64.rpm |
CentOS | 4 | alpha | wget | < 1.10.2-0.40E | wget-1.10.2-0.40E.alpha.rpm |
CentOS | 3 | ia64 | openssl096b | < 0.9.6b-16.42 | openssl096b-0.9.6b-16.42.ia64.rpm |
CentOS | 4 | alpha | openssl096b | < 0.9.6b-22.42axp | openssl096b-0.9.6b-22.42axp.alpha.rpm |
CentOS | 4 | i386 | openssl096b | < 0.9.6b-22.42 | openssl096b-0.9.6b-22.42.i386.rpm |
CentOS | 4 | i386 | openssl096b | < 0.9.6b-22.42 | openssl096b-0.9.6b-22.42.i386.rpm |
CentOS | 4 | x86_64 | openssl096b | < 0.9.6b-22.42 | openssl096b-0.9.6b-22.42.x86_64.rpm |
CentOS | 3 | i386 | openssl096b | < 0.9.6b-16.42 | openssl096b-0.9.6b-16.42.i386.rpm |
CentOS | 3 | i386 | openssl096b | < 0.9.6b-16.42 | openssl096b-0.9.6b-16.42.i386.rpm |
CentOS | 3 | x86_64 | openssl096b | < 0.9.6b-16.42 | openssl096b-0.9.6b-16.42.x86_64.rpm |