User: Password:
Subscribe / Log in / New account

wget: man in the middle attack

Package(s):wget CVE #(s):CVE-2009-3490
Created:October 6, 2009 Updated:December 4, 2009
Description: From the Ubuntu advisory: It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
Mandriva MDVSA-2009:206-1 wget 2009-12-04
Fedora FEDORA-2009-11836 wget 2009-11-20
Fedora FEDORA-2009-11740 wget 2009-11-20
Fedora FEDORA-2009-11739 wget 2009-11-20
CentOS CESA-2009:1549 wget 2009-11-14
Debian DSA-1904-1 wget 2009-10-09
Ubuntu USN-842-1 wget 2009-10-06
Red Hat RHSA-2009:1549-01 wget 2009-11-03
CentOS CESA-2009:1549 wget 2009-11-09
CentOS CESA-2009:1549 wget 2009-11-03
Gentoo 200910-01 wget 2009-10-20

(Log in to post comments)

wget: man in the middle attack

Posted Oct 8, 2009 13:14 UTC (Thu) by nix (subscriber, #2304) [Link]

Also fixed in upstream wget 1.12.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds