Read and respond to this message at: 
https://sourceforge.net/projects/gnuwin32/forums/forum/74807/topic/3423003
By: liamtr

This version of Wget is vulnerable to an exploit. Please update Wget to version
1.12.

Exploit advisory url:
[http://secunia.com/advisories/36540/][1]

Info:
Description:
A vulnerability has been reported in wget, which can be exploited by malicious
people to conduct spoofing attacks.

The vulnerability is caused due to an error when processing SSL certificates
containing NULL ('\0') characters embedded in certain certificate fields and
can be exploited to spoof certificates for legitimate domains.

This is related to vulnerability #2 in:
SA36093
[http://secunia.com/SA36093/][2]

Solution:
Update to version 1.12.
[http://ftp.gnu.org/gnu/wget/][3]

Provided and/or discovered by:
Independently discovered by Dan Kaminsky and Moxie Marlinspike.

Changelog:
2009-09-23: Updated "Solution" section. Added link to "Original Advisory"
section.
2009-10-01: Added CVE reference.

Original Advisory:
[http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html][4]
[http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7][5]
[http://permalink.gmane.org/gmane.comp.web.wget.general/8972][6]

Other References:
SA36093:
[http://secunia.com/advisories/36093/][7]

CVE reference:
CVE-2009-3490
[http://secunia.com/advisories/cve_reference/CVE-2009-3490/][8]

I like this distro of Wget. Keep up the good work!

Thanks,

Liam



  [1]: http://secunia.com/advisories/36540/
  [2]: http://secunia.com/SA36093/
  [3]: http://ftp.gnu.org/gnu/wget/
  [4]: http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html
  [5]: http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7
  [6]: http://permalink.gmane.org/gmane.comp.web.wget.general/8972
  [7]: http://secunia.com/advisories/36093/
  [8]: http://secunia.com/advisories/cve_reference/CVE-2009-3490/
