Hello!
On 2005-10-14, the moderately critical advisory CVE-2005-3185 noted a vulnerability in the NTLM HTTP authentication in wget version 1.10.1:
http://secunia.com/advisories/17192/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3185
The suggested solution was to upgrade to v1.10.2, which has the fix to this buffer overflow.
I compared the GNU sources of wget v1.10.1 and v1.10.2 from here
http://ftp.gnu.org/pub/gnu/wget/
And the only changes are a two-line fix to http-ntlm.c to check the buffer, and a very small change to SSL behavior.
Since the changes are minor and the latest GnuWin32 build of wget on sourceforge is still the vulnerable 1.10.1 version (2005-08-20)
https://sourceforge.net/project/showfiles.php?group_id=23617&package_id=16430
I wonder if the new version might be packaged and upped to sourceforge?