Vulnerability Details : CVE-2017-13089

The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.
Publish Date : 2017-10-27 Last Update Date : 2017-12-29

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	9.3
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Overflow
CWE ID	119

- Related OVAL Definitions

Title	Definition Id	Class	Family
RHSA-2017:3075: wget security update (Important)	oval:com.redhat.rhsa:def:20173075		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2017-13089

#	Product Type	Vendor	Product	Version
1	OS	Debian	Debian Linux	8.0	Version Details Vulnerabilities
2	OS	Debian	Debian Linux	9.0	Version Details Vulnerabilities
3	Application	GNU	Wget	1.19.1	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Debian	Debian Linux	2
GNU	Wget	1

- References For CVE-2017-13089

https://access.redhat.com/errata/RHSA-2017:3075
REDHAT RHSA-2017:3075

http://www.debian.org/security/2017/dsa-4008
DEBIAN DSA-4008

http://www.securityfocus.com/bid/101592
BID 101592 GNU wget CVE-2017-13089 Stack Buffer Overflow Vulnerability Release Date:2017-11-14

https://github.com/r1b/CVE-2017-13089

https://security.gentoo.org/glsa/201711-06
GENTOO GLSA-201711-06

https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html

http://www.securitytracker.com/id/1039661
SECTRACK 1039661

http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f CONFIRM

https://www.synology.com/support/security/Synology_SA_17_62_Wget CONFIRM

- Metasploit Modules Related To CVE-2017-13089

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)