Upstream information

CVE-2006-6719 at MITRE

Description

The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 231063 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • wget >= 1.11.4-1.15.1
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA wget
SUSE Linux Enterprise Server 11 SP2
  • wget >= 1.11.4-1.15.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA wget
SUSE Linux Enterprise Server 11 SP3
  • wget >= 1.11.4-1.15.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA wget
SUSE Linux Enterprise Server 11 SP4
  • wget >= 1.11.4-1.19.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA wget
SUSE Linux Enterprise Server 11-SECURITY
  • wget-openssl1 >= 1.11.4-1.26.1
Patchnames:
SUSE Linux Enterprise Server 11-SECURITY GA wget-openssl1