Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Unable to find wget 1.12.x win32 binary ...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
GNU Project
And, this specific program:
GNU wget 1.x

This thread has been marked as locked.
mtodorov Unable to find wget 1.12.x win32 binary ...
Member 17th Mar, 2013 16:53
Ranking: 12
Posts: 168
User Since: 20th Mar, 2009
System Score: N/A
Location: HR
Last edited on 17th Mar, 2013 16:56

Hi all,

I am having a problem with GNU win32 wget 1.11.4.3287 binary, which is detected as "vulnerable" by Secunia PSI 2.0.0.4003.

However, "Install Solution" offers http://www.gnu.org/software/wget/wget.html link. From this link only "Whet Wgiki" link leads to a win32 binary, but alas again 1.11.4.

This doesn't seem to offer a 1.12.x wget version.

It says clearly:

http://wget.addictivecode.org/FrequentlyAskedQuest...
http://users.ugent.be/%7ebpuype/wget/#download

(unknown source)
Where is 1.12?

Latest official version of wget is currently wget 1.12, however this version does not currently compile for Windows. I am looking into this, but a Windows version of wget 1.12 may still take some time. The suggested mingw32 compile path is not a viable option to me right now, mainly because of the lack of IPv6 and 64-bit support.


The question now is what is then the official recommendation? I am not going to deinstall wget, as it is a good method for text mode download and for use in scripts.

Thank you,
mt



--
"If a task is worth doing, it is worth doing right. If it is not worth doing well, it is not worth doing." -- Dr. Jack Hyles
<><

ddmarshall RE: Unable to find wget 1.12.x win32 binary ...
Dedicated Contributor 17th Mar, 2013 20:22
Score: 1211
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I don't think you will get an official recommendation. The Windows version does not seem to have had any maintenance since 2008.

The vulnerability is a man in the middle attack of the type described in http://www.blackhat.com/presentations/bh-usa-09/MA... . It looks a fairly remote threat for a normal home user.

The bug reports are for Linux. It's not clear whether Windows is affected.



--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0
mogs RE: Unable to find wget 1.12.x win32 binary ...
Expert Contributor 17th Mar, 2013 20:27
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@mtodorov

It doesn't appear that there is a solution in the Secunia Advisory here :-
http://secunia.com/advisories/product/3416/?task=a...
Excerpt

Most Critical Unpatched
The most severe unpatched Secunia advisory affecting GNU wget 1.x, with all vendor patches applied, is rated Less critical .

In other words.....if all patches available are applied it is still vulnerable.....it would seem that you are up to date. There's no mention of a Solution in the Advisory.

Hope it helps........

--
Was this reply relevant?
+1
-0
mtodorov RE: Unable to find wget 1.12.x win32 binary ...
Member 20th Mar, 2013 08:24
Score: 12
Posts: 168
User Since: 20th Mar 2009
System Score: N/A
Location: HR
Last edited on 20th Mar, 2013 08:24
Yes, I have happened to personally know Hrvoje Niksic, the author of UN*X wget, but I can't say the same for Windows version maintainers.

I wish I could help, but I am not equipped with Windows development toolkit. The problem seems to be in the MITM attack. As wget is used in automated administrator scripts, the security hole could be serious, allowing attacker to subvert automated toolkit into executing his malware script.



--
"If a task is worth doing, it is worth doing right. If it is not worth doing well, it is not worth doing." -- Dr. Jack Hyles
<><
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer