Forum Thread: Unable to find wget 1.12.x win32 binary ...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
GNU Project
And, this specific program:
GNU wget 1.x

This thread has been marked as locked.
mtodorov Unable to find wget 1.12.x win32 binary ...
Member 17th Mar, 2013 16:53
Ranking: 12
Posts: 177
User Since: 20th Mar, 2009
System Score: N/A
Location: HR
Last edited on 17th Mar, 2013 16:56

Hi all,

I am having a problem with GNU win32 wget 1.11.4.3287 binary, which is detected as "vulnerable" by Secunia PSI 2.0.0.4003.

However, "Install Solution" offers http://www.gnu.org/software/wget/wget.html link. From this link only "Whet Wgiki" link leads to a win32 binary, but alas again 1.11.4.

This doesn't seem to offer a 1.12.x wget version.

It says clearly:

http://wget.addictivecode.org/FrequentlyAskedQuest...
http://users.ugent.be/%7ebpuype/wget/#download

(unknown source)
Where is 1.12?

Latest official version of wget is currently wget 1.12, however this version does not currently compile for Windows. I am looking into this, but a Windows version of wget 1.12 may still take some time. The suggested mingw32 compile path is not a viable option to me right now, mainly because of the lack of IPv6 and 64-bit support.


The question now is what is then the official recommendation? I am not going to deinstall wget, as it is a good method for text mode download and for use in scripts.

Thank you,
mt



--
"If a task is worth doing, it is worth doing right. If it is not worth doing well, it is not worth doing." -- Dr. Jack Hyles
<><

ddmarshall RE: Unable to find wget 1.12.x win32 binary ...
Dedicated Contributor 17th Mar, 2013 20:22
Score: 1232
Posts: 979
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I don't think you will get an official recommendation. The Windows version does not seem to have had any maintenance since 2008.

The vulnerability is a man in the middle attack of the type described in http://www.blackhat.com/presentations/bh-usa-09/MA... . It looks a fairly remote threat for a normal home user.

The bug reports are for Linux. It's not clear whether Windows is affected.



--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0
mogs RE: Unable to find wget 1.12.x win32 binary ...
Expert Contributor 17th Mar, 2013 20:27
Score: 2265
Posts: 6,269
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@mtodorov

It doesn't appear that there is a solution in the Secunia Advisory here :-
http://secunia.com/advisories/product/3416/?task=a...
Excerpt

Most Critical Unpatched
The most severe unpatched Secunia advisory affecting GNU wget 1.x, with all vendor patches applied, is rated Less critical .

In other words.....if all patches available are applied it is still vulnerable.....it would seem that you are up to date. There's no mention of a Solution in the Advisory.

Hope it helps........

--
Was this reply relevant?
+1
-0
mtodorov RE: Unable to find wget 1.12.x win32 binary ...
Member 20th Mar, 2013 08:24
Score: 12
Posts: 177
User Since: 20th Mar 2009
System Score: N/A
Location: HR
Last edited on 20th Mar, 2013 08:24
Yes, I have happened to personally know Hrvoje Niksic, the author of UN*X wget, but I can't say the same for Windows version maintainers.

I wish I could help, but I am not equipped with Windows development toolkit. The problem seems to be in the MITM attack. As wget is used in automated administrator scripts, the security hole could be serious, allowing attacker to subvert automated toolkit into executing his malware script.



--
"If a task is worth doing, it is worth doing right. If it is not worth doing well, it is not worth doing." -- Dr. Jack Hyles
<><
Was this reply relevant?
+1
-0

This thread has been marked as locked.