**Issue Overview:**
libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.(CVE-2018-16890)
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.(CVE-2017-8816)
curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.(CVE-2017-8818)
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)
libcurl is vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.(CVE-2019-3822)
libcurl is vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.(CVE-2019-3823)
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.(CVE-2017-8817)
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)
A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.(CVE-2018-16840)
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.(CVE-2018-16839)
**Affected Packages:**
curl
**Issue Correction:**
Run _yum update curl_ to update your system.
**New Packages:**
aarch64:
curl-7.61.1-9.amzn2.0.1.aarch64
libcurl-7.61.1-9.amzn2.0.1.aarch64
libcurl-devel-7.61.1-9.amzn2.0.1.aarch64
curl-debuginfo-7.61.1-9.amzn2.0.1.aarch64
i686:
curl-7.61.1-9.amzn2.0.1.i686
libcurl-7.61.1-9.amzn2.0.1.i686
libcurl-devel-7.61.1-9.amzn2.0.1.i686
curl-debuginfo-7.61.1-9.amzn2.0.1.i686
src:
curl-7.61.1-9.amzn2.0.1.src
x86_64:
curl-7.61.1-9.amzn2.0.1.x86_64
libcurl-7.61.1-9.amzn2.0.1.x86_64
libcurl-devel-7.61.1-9.amzn2.0.1.x86_64
curl-debuginfo-7.61.1-9.amzn2.0.1.x86_64
{"id": "ALAS2-2019-1162", "type": "amazon", "bulletinFamily": "unix", "title": "Medium: curl", "description": "**Issue Overview:**\n\nlibcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.(CVE-2018-16890) \n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.(CVE-2017-8816)\n\ncurl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.(CVE-2017-8818)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nlibcurl is vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.(CVE-2019-3822)\n\nlibcurl is vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.(CVE-2019-3823)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.(CVE-2017-8817)\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\nA heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.(CVE-2018-16840)\n\nCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.(CVE-2018-16839)\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 curl-7.61.1-9.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 libcurl-7.61.1-9.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 libcurl-devel-7.61.1-9.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.61.1-9.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 curl-7.61.1-9.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 libcurl-7.61.1-9.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 libcurl-devel-7.61.1-9.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.61.1-9.amzn2.0.1.i686 \n \n src: \n \u00a0\u00a0\u00a0 curl-7.61.1-9.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 curl-7.61.1-9.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-7.61.1-9.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-devel-7.61.1-9.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.61.1-9.amzn2.0.1.x86_64 \n \n \n", "published": "2019-02-16T00:34:00", "modified": "2019-02-18T17:59:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1162.html", "reporter": "Amazon", "references": [], "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "immutableFields": [], "lastseen": "2021-07-25T19:39:11", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2017-919", "ALAS-2017-922", "ALAS-2018-1112", "ALAS-2018-938", "ALAS-2019-1148", "ALAS-2019-1151", "ALAS-2019-1297", "ALAS2-2018-1135"]}, {"type": "apple", "idList": ["APPLE:A906ED60E2875C343BE4CB7524339858", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:FAE8F6548DA345F4466BB73DD8BE2763", "APPLE:HT208331", "APPLE:HT208465", "APPLE:HT208692"]}, {"type": "archlinux", "idList": ["ASA-201710-2", "ASA-201710-3", "ASA-201710-4", "ASA-201710-5", "ASA-201710-6", "ASA-201710-7", "ASA-201711-10", "ASA-201711-11", "ASA-201711-33", "ASA-201711-34", "ASA-201711-35", "ASA-201711-36", "ASA-201711-37", "ASA-201711-38", "ASA-201711-6", "ASA-201711-7", "ASA-201711-8", "ASA-201711-9", "ASA-201811-4", "ASA-201811-5", "ASA-201811-6", "ASA-201811-7", "ASA-201811-8", "ASA-201811-9", "ASA-201902-10", "ASA-201902-11", "ASA-201902-12", "ASA-201902-13", "ASA-201902-9"]}, {"type": "avleonov", "idList": ["AVLEONOV:A9AB661A53F0E9B8923DE780E6F05F48"]}, {"type": "centos", "idList": ["CESA-2017:3263", "CESA-2019:2181"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-1539"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:057632FDE3425E82800DCEC32F03F510", "CFOUNDRY:301EA79552728C3E2FE408E0DAA6CADB", "CFOUNDRY:4CFCCAC7D8EED4AADC23078DD6BCE0FD", "CFOUNDRY:B92BE0D66798E831F55CF2D88AA976E4", "CFOUNDRY:BEC29068FF9B9E9E3C72A65C1CB6D172", "CFOUNDRY:D2095944B38019F3860438162F040964", "CFOUNDRY:DD23A5B6758E6355A1168BA51E212098"]}, {"type": "cve", "idList": ["CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818", "CVE-2018-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1121-1:CE806", "DEBIAN:DLA-1143-1:BD083", "DEBIAN:DLA-1195-1:A5E2E", "DEBIAN:DLA-1568-1:3204E", "DEBIAN:DLA-1568-1:BCC8A", "DEBIAN:DLA-1672-1:150F0", "DEBIAN:DSA-3992-1:192C5", "DEBIAN:DSA-3992-1:EE5A8", "DEBIAN:DSA-4007-1:F07C6", "DEBIAN:DSA-4051-1:99280", "DEBIAN:DSA-4331-1:5BA4B", "DEBIAN:DSA-4386-1:8CA8C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-1000254", "DEBIANCVE:CVE-2017-1000257", "DEBIANCVE:CVE-2017-8816", "DEBIANCVE:CVE-2017-8817", "DEBIANCVE:CVE-2017-8818", "DEBIANCVE:CVE-2018-14618", "DEBIANCVE:CVE-2018-16839", "DEBIANCVE:CVE-2018-16840", "DEBIANCVE:CVE-2018-16842", "DEBIANCVE:CVE-2018-16890", "DEBIANCVE:CVE-2018-20483", "DEBIANCVE:CVE-2019-3822", "DEBIANCVE:CVE-2019-3823"]}, {"type": "f5", "idList": ["F5:K03314397", "F5:K49348053", "F5:K84141449"]}, {"type": "fedora", "idList": ["FEDORA:06A186172F8B", "FEDORA:07E88601F374", "FEDORA:1324F60D30E4", "FEDORA:2516F60DE59E", "FEDORA:346E760BB4ED", "FEDORA:34EA76087F11", "FEDORA:4813E602F5BE", "FEDORA:48680605A28F", "FEDORA:4B79E60877A0", "FEDORA:597806048158", "FEDORA:5C8E66094E72", "FEDORA:759B2649E501", "FEDORA:7CCA26069A73", "FEDORA:876686076974", "FEDORA:87D78601E81F", "FEDORA:87E10609625F", "FEDORA:96EC06015F62", "FEDORA:995AF61F9AAB", "FEDORA:C2B146042816", "FEDORA:D8E6160F62FB", "FEDORA:F333B60525B6"]}, {"type": "freebsd", "idList": ["143EC3D6-B7CF-11E7-AC58-B499BAEBFEAF", "198E6220-AC8B-11E9-A1C7-B499BAEBFEAF", "301A01B7-D50E-11E7-AC58-B499BAEBFEAF", "714B033A-2B09-11E9-8BC3-610FD6E6CD05", "A737EB11-5CFC-11E9-AB87-8CEC4BF8FCFB", "CCACE707-A8D8-11E7-AC58-B499BAEBFEAF", "E0AB1773-07C1-46C6-9170-4C5E81C00927", "F4D638B9-E6E5-4DBE-8C70-571DBC116174"]}, {"type": "gentoo", "idList": ["GLSA-201712-04", "GLSA-201903-03", "GLSA-201903-08"]}, {"type": "hackerone", "idList": ["H1:278231", "H1:518097", "H1:872089"]}, {"type": "ibm", "idList": ["1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "3678AFB0427534CB6AC45AB8F2468DC4FDEBBC32F462E5D89ADF5534A136C116", "7CFB9BE2DA6D94FEBCA1C4AA8CF9F47ECB13D1F735997F5255B4A85A3E13B4E7", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC", "BEB7C34BABCEDADBF3FBACF8CEAA713D4D142B24ECDEAFD9A5F0A33F67656D53", "C5CB5A987B338210CB42B96B34B62F6E121ABC13884503C2B9AEEAEB372E9DFC", "C691D3480A0BD2CFAD2C3492815685AC908FFC9049ECF50C06B60B0D56980299", "CCB8A74F51C432B3A46A3F2AF7A9FAD9160E90547F4D55779D9512BA7B58F299"]}, {"type": "ics", "idList": ["ICSA-19-099-04", "ICSA-20-068-10", "ICSA-21-068-10"]}, {"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "mageia", "idList": ["MGASA-2018-0053", "MGASA-2018-0054", "MGASA-2019-0015"]}, {"type": "nessus", "idList": ["700513.PRM", "700514.PRM", "700515.PRM", "AL2_ALAS-2018-1135.NASL", "AL2_ALAS-2019-1162.NASL", "ALA_ALAS-2017-919.NASL", "ALA_ALAS-2017-922.NASL", "ALA_ALAS-2018-1112.NASL", "ALA_ALAS-2018-938.NASL", "ALA_ALAS-2019-1148.NASL", "ALA_ALAS-2019-1151.NASL", "ALA_ALAS-2019-1297.NASL", "CENTOS8_RHSA-2019-3701.NASL", "CENTOS_RHSA-2017-3263.NASL", "CENTOS_RHSA-2019-2181.NASL", "DEBIAN_DLA-1121.NASL", "DEBIAN_DLA-1143.NASL", "DEBIAN_DLA-1195.NASL", "DEBIAN_DLA-1568.NASL", "DEBIAN_DLA-1672.NASL", "DEBIAN_DSA-3992.NASL", "DEBIAN_DSA-4007.NASL", "DEBIAN_DSA-4051.NASL", "DEBIAN_DSA-4331.NASL", "DEBIAN_DSA-4386.NASL", "EULEROS_SA-2017-1287.NASL", "EULEROS_SA-2017-1288.NASL", "EULEROS_SA-2017-1312.NASL", "EULEROS_SA-2017-1313.NASL", "EULEROS_SA-2018-1039.NASL", "EULEROS_SA-2018-1040.NASL", "EULEROS_SA-2018-1237.NASL", "EULEROS_SA-2018-1330.NASL", "EULEROS_SA-2019-1237.NASL", "EULEROS_SA-2019-1240.NASL", "EULEROS_SA-2019-1269.NASL", "EULEROS_SA-2019-1540.NASL", "EULEROS_SA-2019-1549.NASL", "EULEROS_SA-2019-1550.NASL", "EULEROS_SA-2019-1663.NASL", "EULEROS_SA-2019-1665.NASL", "EULEROS_SA-2019-1695.NASL", "EULEROS_SA-2019-2054.NASL", "EULEROS_SA-2019-2410.NASL", "EULEROS_SA-2020-1626.NASL", "FEDORA_2017-0C062324CD.NASL", "FEDORA_2017-45BDF4DACE.NASL", "FEDORA_2017-601B4C20A4.NASL", "FEDORA_2017-B25C8A7087.NASL", "FEDORA_2017-E8179C06FD.NASL", "FEDORA_2017-EBF32659BF.NASL", "FEDORA_2018-298A3D2923.NASL", "FEDORA_2018-69BAC0F51C.NASL", "FEDORA_2018-7785911C9E.NASL", "FEDORA_2018-FDC4CA8675.NASL", "FEDORA_2019-088875C43A.NASL", "FEDORA_2019-427A0BA9E3.NASL", "FEDORA_2019-43489941FF.NASL", "FEDORA_2019-D1B5CF0055.NASL", "FREEBSD_PKG_143EC3D6B7CF11E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_198E6220AC8B11E9A1C7B499BAEBFEAF.NASL", "FREEBSD_PKG_301A01B7D50E11E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_714B033A2B0911E98BC3610FD6E6CD05.NASL", "FREEBSD_PKG_A737EB115CFC11E9AB878CEC4BF8FCFB.NASL", "FREEBSD_PKG_CCACE707A8D811E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_E0AB177307C146C691704C5E81C00927.NASL", "FREEBSD_PKG_F4D638B9E6E54DBE8C70571DBC116174.NASL", "GENTOO_GLSA-201712-04.NASL", "GENTOO_GLSA-201903-03.NASL", "GENTOO_GLSA-201903-08.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOSX_SECUPD2018-002.NASL", "MACOS_10_13_2.NASL", "MACOS_10_13_3.NASL", "MYSQL_5_7_27_JULY.NASL", "MYSQL_8_0_16.NASL", "NEWSTART_CGSL_NS-SA-2019-0002_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0171_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0182_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0193_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0235_CURL.NASL", "OPENSUSE-2017-1200.NASL", "OPENSUSE-2018-1379.NASL", "OPENSUSE-2018-1383.NASL", "OPENSUSE-2018-56.NASL", "OPENSUSE-2019-1311.NASL", "OPENSUSE-2019-173.NASL", "OPENSUSE-2019-174.NASL", "OPENSUSE-2019-57.NASL", "OPENSUSE-2019-903.NASL", "ORACLELINUX_ELSA-2017-3263.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_APR_2019.NASL", "PHOTONOS_PHSA-2017-0044.NASL", "PHOTONOS_PHSA-2017-0044_CURL.NASL", "PHOTONOS_PHSA-2017-0045.NASL", "PHOTONOS_PHSA-2017-0045_CURL.NASL", "PHOTONOS_PHSA-2017-0048.NASL", "PHOTONOS_PHSA-2017-0050.NASL", "PHOTONOS_PHSA-2017-0050_CURL.NASL", "PHOTONOS_PHSA-2017-1_0-0095.NASL", "PHOTONOS_PHSA-2017-1_0-0095_CURL.NASL", "PHOTONOS_PHSA-2018-1_0-0108.NASL", "PHOTONOS_PHSA-2018-1_0-0108_CURL.NASL", "PHOTONOS_PHSA-2018-2_0-0009.NASL", "PHOTONOS_PHSA-2018-2_0-0009_CURL.NASL", "PHOTONOS_PHSA-2018-2_0-0016.NASL", "PHOTONOS_PHSA-2018-2_0-0016_CURL.NASL", "PHOTONOS_PHSA-2019-1_0-0203_CURL.NASL", "PHOTONOS_PHSA-2019-1_0-0205_CURL.NASL", "PHOTONOS_PHSA-2019-1_0-0209_CURL.NASL", "PHOTONOS_PHSA-2019-1_0-0237_WGET.NASL", "PHOTONOS_PHSA-2019-2_0-0131_CURL.NASL", "PHOTONOS_PHSA-2019-2_0-0171_CURL.NASL", "REDHAT-RHSA-2017-3263.NASL", "REDHAT-RHSA-2019-2181.NASL", "REDHAT-RHSA-2019-3701.NASL", "SLACKWARE_SSA_2017-279-01.NASL", "SLACKWARE_SSA_2017-297-01.NASL", "SLACKWARE_SSA_2017-333-03.NASL", "SLACKWARE_SSA_2018-304-01.NASL", "SLACKWARE_SSA_2019-037-01.NASL", "SL_20171127_CURL_ON_SL7_X.NASL", "SL_20190806_CURL_ON_SL7_X.NASL", "SUSE_SU-2017-2831-1.NASL", "SUSE_SU-2017-3176-1.NASL", "SUSE_SU-2018-0122-1.NASL", "SUSE_SU-2018-3608-1.NASL", "SUSE_SU-2018-3624-1.NASL", "SUSE_SU-2018-3681-1.NASL", "SUSE_SU-2019-0093-1.NASL", "SUSE_SU-2019-0248-1.NASL", "SUSE_SU-2019-0249-1.NASL", "SUSE_SU-2019-0339-1.NASL", "SUSE_SU-2019-0996-1.NASL", "UBUNTU_USN-3441-1.NASL", "UBUNTU_USN-3457-1.NASL", "UBUNTU_USN-3498-1.NASL", "UBUNTU_USN-3805-1.NASL", "UBUNTU_USN-3882-1.NASL", "UBUNTU_USN-3943-1.NASL", "VIRTUOZZO_VZLSA-2017-3263.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142650", "OPENVAS:1361412562310142651", "OPENVAS:1361412562310703992", "OPENVAS:1361412562310704007", "OPENVAS:1361412562310704051", "OPENVAS:1361412562310704331", "OPENVAS:1361412562310704386", "OPENVAS:1361412562310812308", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310812661", "OPENVAS:1361412562310813114", "OPENVAS:1361412562310843328", "OPENVAS:1361412562310843347", "OPENVAS:1361412562310843384", "OPENVAS:1361412562310843802", "OPENVAS:1361412562310843899", "OPENVAS:1361412562310852115", "OPENVAS:1361412562310852120", "OPENVAS:1361412562310852242", "OPENVAS:1361412562310852289", "OPENVAS:1361412562310852290", "OPENVAS:1361412562310873507", "OPENVAS:1361412562310873554", "OPENVAS:1361412562310873888", "OPENVAS:1361412562310873891", "OPENVAS:1361412562310874598", "OPENVAS:1361412562310875089", "OPENVAS:1361412562310875243", "OPENVAS:1361412562310875313", "OPENVAS:1361412562310875400", "OPENVAS:1361412562310875557", "OPENVAS:1361412562310875689", "OPENVAS:1361412562310875707", "OPENVAS:1361412562310875984", "OPENVAS:1361412562310876088", "OPENVAS:1361412562310876475", "OPENVAS:1361412562310876863", "OPENVAS:1361412562310882804", "OPENVAS:1361412562310891121", "OPENVAS:1361412562310891143", "OPENVAS:1361412562310891568", "OPENVAS:1361412562310891672", "OPENVAS:1361412562311220171287", "OPENVAS:1361412562311220171288", "OPENVAS:1361412562311220171312", "OPENVAS:1361412562311220171313", "OPENVAS:1361412562311220181039", "OPENVAS:1361412562311220181040", "OPENVAS:1361412562311220181237", "OPENVAS:1361412562311220181330", "OPENVAS:1361412562311220191237", "OPENVAS:1361412562311220191240", "OPENVAS:1361412562311220191269", "OPENVAS:1361412562311220191540", "OPENVAS:1361412562311220191549", "OPENVAS:1361412562311220191550", "OPENVAS:1361412562311220191663", "OPENVAS:1361412562311220191665", "OPENVAS:1361412562311220191695", "OPENVAS:1361412562311220192054", "OPENVAS:1361412562311220192410", "OPENVAS:1361412562311220201626"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2019-5072832"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-3263", "ELSA-2019-2181", "ELSA-2019-3701"]}, {"type": "osv", "idList": ["OSV:DLA-1121-1", "OSV:DLA-1143-1", "OSV:DLA-1195-1", "OSV:DLA-1568-1", "OSV:DLA-1672-1", "OSV:DSA-3992-1", "OSV:DSA-4007-1", "OSV:DSA-4051-1", "OSV:DSA-4331-1", "OSV:DSA-4386-1"]}, {"type": "photon", "idList": ["PHSA-2017-0002", "PHSA-2017-0004", "PHSA-2017-0045", "PHSA-2017-0050", "PHSA-2017-0084", "PHSA-2017-0088", "PHSA-2017-0095", "PHSA-2017-1.0-0095", "PHSA-2018-0009", "PHSA-2018-0016", "PHSA-2018-0108", "PHSA-2018-1.0-0108", "PHSA-2018-2.0-0016", "PHSA-2019-0002", "PHSA-2019-0016", "PHSA-2019-0128", "PHSA-2019-0131", "PHSA-2019-0137", "PHSA-2019-0161", "PHSA-2019-0171", "PHSA-2019-0203", "PHSA-2019-0205", "PHSA-2019-0209", "PHSA-2019-0216", "PHSA-2019-0237", "PHSA-2019-1.0-0203", "PHSA-2019-1.0-0205", "PHSA-2019-1.0-0209", "PHSA-2019-1.0-0216", "PHSA-2019-1.0-0237", "PHSA-2019-2.0-0128", "PHSA-2019-2.0-0131", "PHSA-2019-2.0-0137", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0171", "PHSA-2019-3.0-0002", "PHSA-2019-3.0-0016"]}, {"type": "redhat", "idList": ["RHSA-2017:3263", "RHSA-2018:2486", "RHSA-2018:3558", "RHSA-2019:1543", "RHSA-2019:2181", "RHSA-2019:3701", "RHSA-2020:4298"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000254", "RH:CVE-2017-1000257", "RH:CVE-2017-8816", "RH:CVE-2017-8817", "RH:CVE-2017-8818", "RH:CVE-2018-14618", "RH:CVE-2018-16839", "RH:CVE-2018-16840", "RH:CVE-2018-16842", "RH:CVE-2018-16890", "RH:CVE-2018-20483", "RH:CVE-2019-3822", "RH:CVE-2019-3823"]}, {"type": "slackware", "idList": ["SSA-2017-279-01", "SSA-2017-297-01", "SSA-2017-333-03", "SSA-2018-304-01", "SSA-2019-037-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3699-1", "OPENSUSE-SU-2018:3706-1", "OPENSUSE-SU-2019:0057-1", "OPENSUSE-SU-2019:0173-1", "OPENSUSE-SU-2019:0174-1"]}, {"type": "threatpost", "idList": ["THREATPOST:71CFE98EE69CB32A2F1F115FCB3ACF21"]}, {"type": "ubuntu", "idList": ["USN-3441-1", "USN-3441-2", "USN-3457-1", "USN-3498-1", "USN-3498-2", "USN-3805-1", "USN-3805-2", "USN-3882-1", "USN-3943-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-1000254", "UB:CVE-2017-1000257", "UB:CVE-2017-8816", "UB:CVE-2017-8817", "UB:CVE-2017-8818", "UB:CVE-2018-14618", "UB:CVE-2018-16839", "UB:CVE-2018-16840", "UB:CVE-2018-16842", "UB:CVE-2018-16890", "UB:CVE-2018-20483", "UB:CVE-2019-3822", "UB:CVE-2019-3823"]}, {"type": "veracode", "idList": ["VERACODE:21834", "VERACODE:25350", "VERACODE:31127"]}]}, "score": {"value": 0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-919", "ALAS-2017-922", "ALAS-2018-938"]}, {"type": "apple", "idList": ["APPLE:A906ED60E2875C343BE4CB7524339858", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:FAE8F6548DA345F4466BB73DD8BE2763", "APPLE:HT208331", "APPLE:HT208465", "APPLE:HT208692"]}, {"type": "archlinux", "idList": ["ASA-201710-2", "ASA-201710-3", "ASA-201710-4", "ASA-201710-5", "ASA-201710-6", "ASA-201710-7", "ASA-201711-10", "ASA-201711-11", "ASA-201711-33", "ASA-201711-34", "ASA-201711-35", "ASA-201711-36", "ASA-201711-37", "ASA-201711-38", "ASA-201711-6", "ASA-201711-7", "ASA-201711-8", "ASA-201711-9", "ASA-201811-4", "ASA-201811-5", "ASA-201811-6", "ASA-201811-7", "ASA-201811-8", "ASA-201811-9", "ASA-201902-10", "ASA-201902-11", "ASA-201902-12", "ASA-201902-13", "ASA-201902-9"]}, {"type": "avleonov", "idList": ["AVLEONOV:A9AB661A53F0E9B8923DE780E6F05F48"]}, {"type": "centos", "idList": ["CESA-2017:3263"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-1539"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:301EA79552728C3E2FE408E0DAA6CADB", "CFOUNDRY:4CFCCAC7D8EED4AADC23078DD6BCE0FD", "CFOUNDRY:B92BE0D66798E831F55CF2D88AA976E4"]}, {"type": "cve", "idList": ["CVE-2017-1000254", "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1121-1:CE806", "DEBIAN:DLA-1143-1:BD083", "DEBIAN:DLA-1195-1:A5E2E", "DEBIAN:DSA-3992-1:EE5A8", "DEBIAN:DSA-4007-1:F07C6", "DEBIAN:DSA-4051-1:99280"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-1000254", "DEBIANCVE:CVE-2017-1000257", "DEBIANCVE:CVE-2017-8816", "DEBIANCVE:CVE-2017-8817", "DEBIANCVE:CVE-2017-8818", "DEBIANCVE:CVE-2018-16839", "DEBIANCVE:CVE-2018-16840", "DEBIANCVE:CVE-2018-16842", "DEBIANCVE:CVE-2018-16890", "DEBIANCVE:CVE-2019-3822", "DEBIANCVE:CVE-2019-3823"]}, {"type": "f5", "idList": ["F5:K49348053"]}, {"type": "fedora", "idList": ["FEDORA:06A186172F8B", "FEDORA:07E88601F374", "FEDORA:1324F60D30E4", "FEDORA:2516F60DE59E", "FEDORA:346E760BB4ED", "FEDORA:34EA76087F11", "FEDORA:4813E602F5BE", "FEDORA:48680605A28F", "FEDORA:4B79E60877A0", "FEDORA:597806048158", "FEDORA:5C8E66094E72", "FEDORA:759B2649E501", "FEDORA:876686076974", "FEDORA:87D78601E81F", "FEDORA:87E10609625F", "FEDORA:96EC06015F62", "FEDORA:C2B146042816", "FEDORA:D8E6160F62FB", "FEDORA:F333B60525B6"]}, {"type": "freebsd", "idList": ["301A01B7-D50E-11E7-AC58-B499BAEBFEAF", "CCACE707-A8D8-11E7-AC58-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201712-04"]}, {"type": "hackerone", "idList": ["H1:278231"]}, {"type": "ibm", "idList": ["3678AFB0427534CB6AC45AB8F2468DC4FDEBBC32F462E5D89ADF5534A136C116", "7CFB9BE2DA6D94FEBCA1C4AA8CF9F47ECB13D1F735997F5255B4A85A3E13B4E7"]}, {"type": "ics", "idList": ["ICSA-19-099-04"]}, {"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ALPINE-LINUX-CVE-2017-1000254/", "MSF:ILITIES/AMAZON_LINUX-CVE-2017-1000254/", "MSF:ILITIES/APPLE-OSX-CURL-CVE-2017-1000254/", "MSF:ILITIES/GENTOO-LINUX-CVE-2017-1000254/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2017-1000254/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-1000254/", "MSF:ILITIES/SUSE-CVE-2017-1000254/", "MSF:ILITIES/UBUNTU-CVE-2017-1000254/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2017-3263.NASL", "DEBIAN_DLA-1121.NASL", "DEBIAN_DLA-1195.NASL", "DEBIAN_DSA-3992.NASL", "DEBIAN_DSA-4051.NASL", "EULEROS_SA-2017-1287.NASL", "EULEROS_SA-2017-1288.NASL", "EULEROS_SA-2017-1312.NASL", "EULEROS_SA-2017-1313.NASL", "EULEROS_SA-2019-2054.NASL", "FEDORA_2017-0C062324CD.NASL", "FREEBSD_PKG_301A01B7D50E11E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_CCACE707A8D811E7AC58B499BAEBFEAF.NASL", "GENTOO_GLSA-201712-04.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_13_2.NASL", "MACOS_10_13_3.NASL", "OPENSUSE-2018-1379.NASL", "OPENSUSE-2018-1383.NASL", "ORACLELINUX_ELSA-2017-3263.NASL", "REDHAT-RHSA-2017-3263.NASL", "SLACKWARE_SSA_2017-279-01.NASL", "SLACKWARE_SSA_2017-333-03.NASL", "SL_20171127_CURL_ON_SL7_X.NASL", "SUSE_SU-2017-3176-1.NASL", "SUSE_SU-2018-3681-1.NASL", "UBUNTU_USN-3441-1.NASL", "UBUNTU_USN-3498-1.NASL", "VIRTUOZZO_VZLSA-2017-3263.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703992", "OPENVAS:1361412562310704051", "OPENVAS:1361412562310812308", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310843384", "OPENVAS:1361412562310852115", "OPENVAS:1361412562310852120", "OPENVAS:1361412562310873888", "OPENVAS:1361412562310873891", "OPENVAS:1361412562310875243", "OPENVAS:1361412562310882804"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2019-5072832"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-3263"]}, {"type": "photon", "idList": ["PHSA-2017-0002", "PHSA-2017-0004", "PHSA-2017-0045", "PHSA-2017-0050", "PHSA-2017-1.0-0095", "PHSA-2018-0009", "PHSA-2018-0108", "PHSA-2018-1.0-0108", "PHSA-2018-2.0-0016", "PHSA-2019-1.0-0203", "PHSA-2019-1.0-0205", "PHSA-2019-1.0-0209", "PHSA-2019-1.0-0216", "PHSA-2019-1.0-0237", "PHSA-2019-2.0-0128", "PHSA-2019-2.0-0131", "PHSA-2019-2.0-0137", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0171", "PHSA-2019-3.0-0002", "PHSA-2019-3.0-0016"]}, {"type": "redhat", "idList": ["RHSA-2020:4298"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-14618", "RH:CVE-2018-16839", "RH:CVE-2018-16840", "RH:CVE-2018-16890", "RH:CVE-2018-20483", "RH:CVE-2019-3822", "RH:CVE-2019-3823"]}, {"type": "slackware", "idList": ["SSA-2017-279-01", "SSA-2017-297-01", "SSA-2017-333-03"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3699-1", "OPENSUSE-SU-2018:3706-1"]}, {"type": "ubuntu", "idList": ["USN-3441-2", "USN-3457-1", "USN-3498-1", "USN-3805-1", "USN-3805-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16839", "UB:CVE-2018-16840", "UB:CVE-2018-16842", "UB:CVE-2018-16890", "UB:CVE-2018-20483", "UB:CVE-2019-3822", "UB:CVE-2019-3823"]}]}, "exploitation": null, "vulnersScore": 0.6}, "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "curl-7.61.1-9.amzn2.0.1.aarch64.rpm", "arch": "aarch64", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "curl"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "libcurl-7.61.1-9.amzn2.0.1.aarch64.rpm", "arch": "aarch64", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "libcurl"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "libcurl-devel-7.61.1-9.amzn2.0.1.aarch64.rpm", "arch": "aarch64", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "libcurl-devel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "curl-debuginfo-7.61.1-9.amzn2.0.1.aarch64.rpm", "arch": "aarch64", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "curl-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "curl-7.61.1-9.amzn2.0.1.i686.rpm", "arch": "i686", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "curl"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "libcurl-7.61.1-9.amzn2.0.1.i686.rpm", "arch": "i686", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "libcurl"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "libcurl-devel-7.61.1-9.amzn2.0.1.i686.rpm", "arch": "i686", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "libcurl-devel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "curl-debuginfo-7.61.1-9.amzn2.0.1.i686.rpm", "arch": "i686", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "curl-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "curl-7.61.1-9.amzn2.0.1.src.rpm", "arch": "src", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "curl"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "curl-7.61.1-9.amzn2.0.1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "curl"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "libcurl-7.61.1-9.amzn2.0.1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "libcurl"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "libcurl-devel-7.61.1-9.amzn2.0.1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "libcurl-devel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "curl-debuginfo-7.61.1-9.amzn2.0.1.x86_64.rpm", "arch": "x86_64", "packageVersion": "7.61.1-9.amzn2.0.1", "operator": "lt", "packageName": "curl-debuginfo"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "edition": 2, "scheme": null, "_state": {"dependencies": 1660032824, "score": 1660033602}, "_internal": {"score_hash": "4fd70c1dcb9d1337188a3a03848c188c"}}
{"nessus": [{"lastseen": "2022-06-16T16:15:34", "description": "libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.(CVE-2018-16890)\n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.(CVE-2017-8816)\n\ncurl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.(CVE-2017-8818)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP.\nWhen libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nlibcurl is vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.(CVE-2019-3822)\n\nlibcurl is vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.(CVE-2019-3823)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.(CVE-2017-8817)\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\nA heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.(CVE-2018-16840)\n\nCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.(CVE-2018-16839)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-19T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : curl (ALAS-2019-1162)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2020-02-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1162.NASL", "href": "https://www.tenable.com/plugins/nessus/122260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1162.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122260);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2017-1000254\", \"CVE-2017-1000257\", \"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2017-8818\", \"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"ALAS\", value:\"2019-1162\");\n\n script_name(english:\"Amazon Linux 2 : curl (ALAS-2019-1162)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libcurl is vulnerable to a heap buffer out-of-bounds read. The\nfunction handling incoming NTLM type-2 messages\n(`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate\nincoming data correctly and is subject to an integer overflow\nvulnerability. Using that overflow, a malicious or broken NTLM server\ncould trick libcurl to accept a bad length + offset combination that\nwould lead to a buffer read out-of-bounds.(CVE-2018-16890)\n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on\n32-bit platforms allows attackers to cause a denial of service\n(integer overflow and resultant buffer overflow, and application\ncrash) or possibly have unspecified other impact via vectors involving\nlong user and password fields.(CVE-2017-8816)\n\ncurl and libcurl before 7.57.0 on 32-bit platforms allow attackers to\ncause a denial of service (out-of-bounds access and application crash)\nor possibly have unspecified other impact because too little memory is\nallocated for interfacing to an SSL library.(CVE-2017-8818)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP.\nWhen libcurl connects to an FTP server and successfully logs in\n(anonymous or not), it asks the server for the current directory with\nthe `PWD` command. The server then responds with a 257 response\ncontaining the path, inside double quotes. The returned path name is\nthen kept by libcurl for subsequent uses. Due to a flaw in the string\nparser for this directory name, a directory name passed like this but\nwithout a closing double quote would lead to libcurl not adding a\ntrailing NUL byte to the buffer holding the name. When libcurl would\nthen later access the string, it could read beyond the allocated heap\nbuffer and crash or wrongly access data beyond the buffer, thinking it\nwas part of the path. A malicious server could abuse this fact and\neffectively prevent libcurl-based clients to work with it - the PWD\ncommand is always issued on new FTP connections and the mistake has a\nhigh chance of causing a segfault. The simple fact that this has issue\nremained undiscovered for this long could suggest that malformed PWD\nresponses are rare in benign servers. We are not aware of any exploit\nof this flaw. This bug was introduced in commit\n[415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March\n2005. In libcurl version 7.56.0, the parser always zero terminates the\nstring but also rejects it if not terminated properly with a final\ndouble quote.(CVE-2017-1000254)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based\nbuffer over-read in the tool_msgs.c:voutf() function that may result\nin information exposure and denial of service.(CVE-2018-16842)\n\nlibcurl is vulnerable to a stack-based buffer overflow. The function\ncreating an outgoing NTLM type-3 header\n(`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates\nthe request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting\noverflowed is implemented wrongly (using unsigned math) and as such it\ndoes not prevent the overflow from happening. This output data can\ngrow larger than the local buffer if very large 'nt response' data is\nextracted from a previous NTLMv2 header provided by the malicious or\nbroken HTTP server. Such a 'large value' needs to be around 1000 bytes\nor more. The actual payload data copied to the target buffer comes\nfrom the NTLMv2 type-2 response header.(CVE-2019-3822)\n\nlibcurl is vulnerable to a heap out-of-bounds read in the code\nhandling the end-of-response for SMTP. If the buffer passed to\n`smtp_endofresp()` isn't NUL terminated and contains no character\nending the parsed number, and `len` is set to 5, then the `strtol()`\ncall reads beyond the allocated buffer. The read contents will not be\nreturned to the caller.(CVE-2019-3823)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows\nremote attackers to cause a denial of service (out-of-bounds read and\napplication crash) or possibly have unspecified other impact via a\nstring that ends with an '[' character.(CVE-2017-8817)\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's\norigin URL in the user.xdg.origin.url metadata attribute of the\nextended attributes of the downloaded file, which allows local users\nto obtain sensitive information (e.g., credentials contained in the\nURL) by reading this attribute, as demonstrated by getfattr. This also\napplies to Referer information in the user.xdg.referrer.url metadata\nattribute. According to 2016-07-22 in the Wget ChangeLog,\nuser.xdg.origin.url was partially based on the behavior of\nfwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By\ntricking an unsuspecting user into connecting to a malicious IMAP\nserver, an attacker could exploit this flaw to potentially cause\ninformation disclosure or crash the application.(CVE-2017-1000257)\n\nA heap use-after-free flaw was found in curl versions from 7.59.0\nthrough 7.61.1 in the code related to closing an easy handle. When\nclosing and cleaning up an 'easy' handle in the `Curl_close()`\nfunction, the library code first frees a struct (without nulling the\npointer) and might then subsequently erroneously write to a struct\nfield within that already freed struct.(CVE-2018-16840)\n\nCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun\nin the SASL authentication code that may lead to denial of\nservice.(CVE-2018-16839)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1162.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"curl-7.61.1-9.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"curl-debuginfo-7.61.1-9.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libcurl-7.61.1-9.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libcurl-devel-7.61.1-9.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:15:08", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3822: Fixed a NTLMv2 type-3 header stack-based buffer overflow (bsc#1123377).\n\nCVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378).\n\nCVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371).\n\nCVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660).\n\nCVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029).\n\nCVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-13T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0339-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122149", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0339-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122149);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\", \"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0339-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3822: Fixed a NTLMv2 type-3 header stack-based buffer\noverflow (bsc#1123377).\n\nCVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response\n(bsc#1123378).\n\nCVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2\n(bsc#1123371).\n\nCVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c\n(bsc#1113660).\n\nCVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029).\n\nCVE-2018-16839: Fixed an SASL password overflow caused by an integer\noverflow (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16842/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16890/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3823/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190339-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?707494a7\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-339=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-339=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-339=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"curl-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"curl-debuginfo-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"curl-debugsource-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-debuginfo-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libcurl4-debuginfo-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"curl-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"curl-debugsource-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.60.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.60.0-4.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T16:13:49", "description": "The remote host is affected by the vulnerability described in GLSA-201712-04 (cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could cause a Denial of Service condition, disclose sensitive information or other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-15T00:00:00", "type": "nessus", "title": "GLSA-201712-04 : cURL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:curl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201712-04.NASL", "href": "https://www.tenable.com/plugins/nessus/105264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201712-04.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105264);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000254\", \"CVE-2017-1000257\", \"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2017-8818\");\n script_xref(name:\"GLSA\", value:\"201712-04\");\n\n script_name(english:\"GLSA-201712-04 : cURL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201712-04\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause a Denial of Service condition, disclose\n sensitive information or other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201712-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All cURL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.57.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/curl\", unaffected:make_list(\"ge 7.57.0\"), vulnerable:make_list(\"lt 7.57.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cURL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T17:01:33", "description": "An update for curl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack-based buffer overflow (CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-06T00:00:00", "type": "nessus", "title": "RHEL 8 : curl (RHSA-2019:3701)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:curl", "p-cpe:/a:redhat:enterprise_linux:curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:curl-debugsource", "p-cpe:/a:redhat:enterprise_linux:curl-minimal-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libcurl", "p-cpe:/a:redhat:enterprise_linux:libcurl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libcurl-devel", "p-cpe:/a:redhat:enterprise_linux:libcurl-minimal", "p-cpe:/a:redhat:enterprise_linux:libcurl-minimal-debuginfo", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-3701.NASL", "href": "https://www.tenable.com/plugins/nessus/130568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3701. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130568);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"RHSA\", value:\"2019:3701\");\n\n script_name(english:\"RHEL 8 : curl (RHSA-2019:3701)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for curl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c\n(CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack-based buffer overflow\n(CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?774148ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-3823\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-minimal-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-minimal-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3701\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"curl-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"curl-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"curl-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"curl-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"curl-debugsource-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"curl-debugsource-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"curl-debugsource-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"curl-minimal-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"curl-minimal-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"curl-minimal-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"libcurl-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"libcurl-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"libcurl-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"libcurl-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"libcurl-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"libcurl-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"libcurl-devel-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"libcurl-devel-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"libcurl-devel-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"libcurl-minimal-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"libcurl-minimal-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"libcurl-minimal-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"libcurl-minimal-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"libcurl-minimal-debuginfo-7.61.1-11.el8\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"libcurl-minimal-debuginfo-7.61.1-11.el8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / curl-minimal-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:52:37", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:3701 advisory.\n\n - curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n - wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)\n\n - curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n - curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : curl (CESA-2019:3701)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:curl", "p-cpe:/a:centos:centos:libcurl", "p-cpe:/a:centos:centos:libcurl-devel", "p-cpe:/a:centos:centos:libcurl-minimal"], "id": "CENTOS8_RHSA-2019-3701.NASL", "href": "https://www.tenable.com/plugins/nessus/145603", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:3701. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145603);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2018-16890\",\n \"CVE-2018-20483\",\n \"CVE-2019-3822\",\n \"CVE-2019-3823\"\n );\n script_bugtraq_id(106358, 106947, 106950);\n script_xref(name:\"RHSA\", value:\"2019:3701\");\n\n script_name(english:\"CentOS 8 : curl (CESA-2019:3701)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:3701 advisory.\n\n - curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n - wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)\n\n - curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n - curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3701\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3822\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-minimal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'curl-7.61.1-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'curl-7.61.1-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-7.61.1-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-devel-7.61.1-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcurl-minimal-7.61.1-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / libcurl / libcurl-devel / libcurl-minimal');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:18:50", "description": "The remote host is affected by the vulnerability described in GLSA-201903-03 (cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-11T00:00:00", "type": "nessus", "title": "GLSA-201903-03 : cURL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2020-02-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:curl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201903-03.NASL", "href": "https://www.tenable.com/plugins/nessus/122731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201903-03.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122731);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/05\");\n\n script_cve_id(\"CVE-2018-14618\", \"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"GLSA\", value:\"201903-03\");\n\n script_name(english:\"GLSA-201903-03 : cURL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201903-03\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201903-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All cURL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.64.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/curl\", unaffected:make_list(\"ge 7.64.0\"), vulnerable:make_list(\"lt 7.64.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cURL\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:55:26", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-01T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-304-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-304-01.NASL", "href": "https://www.tenable.com/plugins/nessus/118586", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-304-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118586);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"SSA\", value:\"2018-304-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-304-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.432448\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa628473\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16840\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.62.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:54:00", "description": "Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16839)\n\nBrian Carpenter discovered that curl incorrectly handled memory when closing certain handles. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-16840)\n\nBrian Carpenter discovered that the curl command-line tool incorrectly handled error messages. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2018-16842).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : curl vulnerabilities (USN-3805-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "p-cpe:/a:canonical:ubuntu_linux:libcurl4", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3805-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118591", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3805-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118591);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"USN\", value:\"3805-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : curl vulnerabilities (USN-3805-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Harry Sintonen discovered that curl incorrectly handled SASL\nauthentication. A remote attacker could use this issue to cause curl\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2018-16839)\n\nBrian Carpenter discovered that curl incorrectly handled memory when\nclosing certain handles. A remote attacker could use this issue to\ncause curl to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2018-16840)\n\nBrian Carpenter discovered that the curl command-line tool incorrectly\nhandled error messages. A remote attacker could possibly use this\nissue to obtain sensitive information. (CVE-2018-16842).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3805-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16840\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2022 Canonical, Inc. / NASL script (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.19\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.47.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"curl\", pkgver:\"7.58.0-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.58.0-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.58.0-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl4\", pkgver:\"7.58.0-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"curl\", pkgver:\"7.61.0-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.61.0-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.61.0-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl4\", pkgver:\"7.61.0-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss / libcurl4\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:11", "description": "This update for curl fixes the following issues :\n\n - CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2018-1379)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini", "p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1379.NASL", "href": "https://www.tenable.com/plugins/nessus/118876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1379.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118876);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-1379)\");\n script_summary(english:\"Check for the openSUSE-2018-1379 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2018-16839: A SASL password overflow via integer\n overflow was fixed which could lead to crashes\n (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close\n was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was\n fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:13", "description": "This update for curl fixes the following issues :\n\nCVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)\n\nCVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:3624-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:curl-mini", "p-cpe:/a:novell:suse_linux:curl-mini-debuginfo", "p-cpe:/a:novell:suse_linux:curl-mini-debugsource", "p-cpe:/a:novell:suse_linux:libcurl-devel", "p-cpe:/a:novell:suse_linux:libcurl-mini-devel", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "p-cpe:/a:novell:suse_linux:libcurl4-mini", "p-cpe:/a:novell:suse_linux:libcurl4-mini-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-3624-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3624-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120154);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:3624-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nCVE-2018-16839: A SASL password overflow via integer overflow was\nfixed which could lead to crashes (bsc#1112758)\n\nCVE-2018-16840: A use-after-free in SASL handle close was fixed which\ncould lead to crashes (bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\ncould lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16839/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16842/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183624-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ee817b0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2018-2578=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-2578=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debugsource-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-debuginfo-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-debugsource-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl-mini-devel-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-mini-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-mini-debuginfo-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-debugsource-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-debuginfo-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-debugsource-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl-mini-devel-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.14.3\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-mini-7.60.0-3.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-mini-debuginfo-7.60.0-3.14.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:34", "description": "- SASL password overflow via integer overflow (CVE-2018-16839)\n\n - fix use-after-free in handle close (CVE-2018-16840)\n\n - fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : curl (2018-7785911c9e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-7785911C9E.NASL", "href": "https://www.tenable.com/plugins/nessus/120542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7785911c9e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120542);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"FEDORA\", value:\"2018-7785911c9e\");\n\n script_name(english:\"Fedora 29 : curl (2018-7785911c9e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - SASL password overflow via integer overflow\n (CVE-2018-16839)\n\n - fix use-after-free in handle close (CVE-2018-16840)\n\n - fix bad arethmetic when outputting warnings to stderr\n (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7785911c9e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"curl-7.61.1-4.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:57", "description": "This update for curl fixes the following issues :\n\n - CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2019-903)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini", "p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-903.NASL", "href": "https://www.tenable.com/plugins/nessus/123369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-903.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123369);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2019-903)\");\n script_summary(english:\"Check for the openSUSE-2019-903 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2018-16839: A SASL password overflow via integer\n overflow was fixed which could lead to crashes\n (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close\n was fixed which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was\n fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:09", "description": "A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.\n(CVE-2018-16840)\n\nCurl is vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. (CVE-2018-16839)\n\nCurl is vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. (CVE-2018-16842)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-25T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : curl (ALAS-2019-1148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1148.NASL", "href": "https://www.tenable.com/plugins/nessus/121369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1148.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121369);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/20\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"ALAS\", value:\"2019-1148\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2019-1148)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap use-after-free flaw was found in curl related to closing an\neasy handle. When closing and cleaning up an 'easy' handle in the\n`Curl_close()` function, the library code first frees a struct\n(without nulling the pointer) and might then subsequently erroneously\nwrite to a struct field within that already freed struct.\n(CVE-2018-16840)\n\nCurl is vulnerable to a buffer overrun in the SASL authentication code\nthat may lead to denial of service. (CVE-2018-16839)\n\nCurl is vulnerable to a heap-based buffer over-read in the\ntool_msgs.c:voutf() function that may result in information exposure\nand denial of service. (CVE-2018-16842)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1148.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.53.1-16.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.53.1-16.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.53.1-16.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.53.1-16.86.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:05", "description": "- SASL password overflow via integer overflow (CVE-2018-16839)\n\n - fix use-after-free in handle close (CVE-2018-16840)\n\n - fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : curl (2018-fdc4ca8675)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-FDC4CA8675.NASL", "href": "https://www.tenable.com/plugins/nessus/120934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fdc4ca8675.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120934);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_xref(name:\"FEDORA\", value:\"2018-fdc4ca8675\");\n\n script_name(english:\"Fedora 28 : curl (2018-fdc4ca8675)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - SASL password overflow via integer overflow\n (CVE-2018-16839)\n\n - fix use-after-free in handle close (CVE-2018-16840)\n\n - fix bad arethmetic when outputting warnings to stderr\n (CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdc4ca8675\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"curl-7.59.0-8.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:14:35", "description": "- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\n - fix NTLMv2 type-3 header stack-based buffer overflow (CVE-2019-3822)\n\n - fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "Fedora 29 : curl (2019-43489941ff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2020-02-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-43489941FF.NASL", "href": "https://www.tenable.com/plugins/nessus/122106", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-43489941ff.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122106);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"FEDORA\", value:\"2019-43489941ff\");\n\n script_name(english:\"Fedora 29 : curl (2019-43489941ff)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix SMTP end-of-response out-of-bounds read\n (CVE-2019-3823)\n\n - fix NTLMv2 type-3 header stack-based buffer overflow\n (CVE-2019-3822)\n\n - fix NTLM type-2 out-of-bounds buffer read\n (CVE-2018-16890)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-43489941ff\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"curl-7.61.1-8.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:16:02", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).\n\nCVE-2019-3822: Fixed a stack-based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).\n\nCVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-06T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:0248-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:curl-mini", "p-cpe:/a:novell:suse_linux:curl-mini-debuginfo", "p-cpe:/a:novell:suse_linux:curl-mini-debugsource", "p-cpe:/a:novell:suse_linux:libcurl-devel", "p-cpe:/a:novell:suse_linux:libcurl-mini-devel", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "p-cpe:/a:novell:suse_linux:libcurl4-mini", "p-cpe:/a:novell:suse_linux:libcurl4-mini-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0248-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121618", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0248-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121618);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2019:0248-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3823: Fixed a heap out-of-bounds read in the code handling\nthe end-of-response for SMTP (bsc#1123378).\n\nCVE-2019-3822: Fixed a stack-based buffer overflow in the function\ncreating an outgoing NTLM type-3 message (bsc#1123377).\n\nCVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function\nhandling incoming NTLM type-2 messages (bsc#1123371).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16890/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3823/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190248-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe3ac5bd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-248=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-248=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-debugsource-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"curl-mini-debugsource-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl-mini-devel-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-mini-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libcurl4-mini-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-debugsource-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"curl-mini-debugsource-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl-devel-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl-mini-devel-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-debuginfo-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-mini-7.60.0-3.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libcurl4-mini-debuginfo-7.60.0-3.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:16:30", "description": "Multiple vulnerabilities were discovered in cURL, an URL transfer library.\n\n - CVE-2018-16890 Wenxiang Qian of Tencent Blade Team discovered that the function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability, which could lead to an out-of-bounds buffer read.\n\n - CVE-2019-3822 Wenxiang Qian of Tencent Blade Team discovered that the function creating an outgoing NTLM type-3 header is subject to an integer overflow vulnerability, which could lead to an out-of-bounds write.\n\n - CVE-2019-3823 Brian Carpenter of Geeknik Labs discovered that the code handling the end-of-response for SMTP is subject to an out-of-bounds heap read.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Debian DSA-4386-1 : curl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4386.NASL", "href": "https://www.tenable.com/plugins/nessus/121628", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4386. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121628);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/20\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"DSA\", value:\"4386\");\n\n script_name(english:\"Debian DSA-4386-1 : curl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in cURL, an URL transfer\nlibrary.\n\n - CVE-2018-16890\n Wenxiang Qian of Tencent Blade Team discovered that the\n function handling incoming NTLM type-2 messages does not\n validate incoming data correctly and is subject to an\n integer overflow vulnerability, which could lead to an\n out-of-bounds buffer read.\n\n - CVE-2019-3822\n Wenxiang Qian of Tencent Blade Team discovered that the\n function creating an outgoing NTLM type-3 header is\n subject to an integer overflow vulnerability, which\n could lead to an out-of-bounds write.\n\n - CVE-2019-3823\n Brian Carpenter of Geeknik Labs discovered that the code\n handling the end-of-response for SMTP is subject to an\n out-of-bounds heap read.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-3822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-3823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4386\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"curl\", reference:\"7.52.1-5+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3\", reference:\"7.52.1-5+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-dbg\", reference:\"7.52.1-5+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-gnutls\", reference:\"7.52.1-5+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-nss\", reference:\"7.52.1-5+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-doc\", reference:\"7.52.1-5+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.52.1-5+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.52.1-5+deb9u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.52.1-5+deb9u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:16:32", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-037-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2019-037-01.NASL", "href": "https://www.tenable.com/plugins/nessus/121632", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-037-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121632);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/20\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"SSA\", value:\"2019-037-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2019-037-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.433275\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8c976af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.64.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:16:35", "description": "Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : curl vulnerabilities (USN-3882-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "p-cpe:/a:canonical:ubuntu_linux:libcurl4", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3882-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3882-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121639);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/20\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"USN\", value:\"3882-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : curl vulnerabilities (USN-3882-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wenxiang Qian discovered that curl incorrectly handled certain NTLM\nauthentication messages. A remote attacker could possibly use this\nissue to cause curl to crash, resulting in a denial of service. This\nissue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu\n18.10. (CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to\ncause curl to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 16.04 LTS,\nUbuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. A remote attacker could possibly use this issue to cause\ncurl to crash, resulting in a denial of service. (CVE-2019-3823).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3882-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.20\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.47.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"curl\", pkgver:\"7.58.0-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.58.0-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.58.0-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libcurl4\", pkgver:\"7.58.0-2ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"curl\", pkgver:\"7.61.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.61.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.61.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libcurl4\", pkgver:\"7.61.0-1ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss / libcurl4\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:16:33", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2019-174)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:curl-mini", "p-cpe:/a:novell:opensuse:curl-mini-debuginfo", "p-cpe:/a:novell:opensuse:curl-mini-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl-mini-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-mini", "p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-174.NASL", "href": "https://www.tenable.com/plugins/nessus/122221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-174.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122221);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2019-174)\");\n script_summary(english:\"Check for the openSUSE-2019-174 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the\n code handling the end-of-response for SMTP\n (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in\n the function creating an outgoing NTLM type-3 message\n (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read\n in the function handling incoming NTLM type-2 messages\n (bsc#1123371).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123378\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-mini-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-debugsource-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"curl-mini-debugsource-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-devel-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl-mini-devel-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libcurl4-mini-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.60.0-lp150.2.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libcurl4-32bit-debuginfo-7.60.0-lp150.2.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:14:58", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2019-173)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-173.NASL", "href": "https://www.tenable.com/plugins/nessus/122220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-173.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122220);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2019-173)\");\n script_summary(english:\"Check for the openSUSE-2019-173 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the\n code handling the end-of-response for SMTP\n (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in\n the function creating an outgoing NTLM type-3 message\n (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read\n in the function handling incoming NTLM type-2 messages\n (bsc#1123371).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123378\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-45.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:16:30", "description": "curl security problems :\n\nCVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n\nlibcurl contains a heap buffer out-of-bounds read flaw.\n\nThe function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability.\n\nUsing that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.\n\nCVE-2019-3822: NTLMv2 type-3 header stack-based buffer overflow\n\nlibcurl contains a stack based buffer overflow vulnerability.\n\nThe function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening.\n\nThis output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server.\n\nSuch a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.\n\nCVE-2019-3823: SMTP end-of-response out-of-bounds read\n\nlibcurl contains a heap out-of-bounds read in the code handling the end-of-response for SMTP.\n\nIf the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-08T00:00:00", "type": "nessus", "title": "FreeBSD : curl -- multiple vulnerabilities (714b033a-2b09-11e9-8bc3-610fd6e6cd05)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2020-02-12T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_714B033A2B0911E98BC3610FD6E6CD05.NASL", "href": "https://www.tenable.com/plugins/nessus/122042", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122042);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n\n script_name(english:\"FreeBSD : curl -- multiple vulnerabilities (714b033a-2b09-11e9-8bc3-610fd6e6cd05)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"curl security problems :\n\nCVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n\nlibcurl contains a heap buffer out-of-bounds read flaw.\n\nThe function handling incoming NTLM type-2 messages\n(lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming\ndata correctly and is subject to an integer overflow vulnerability.\n\nUsing that overflow, a malicious or broken NTLM server could trick\nlibcurl to accept a bad length + offset combination that would lead to\na buffer read out-of-bounds.\n\nCVE-2019-3822: NTLMv2 type-3 header stack-based buffer overflow\n\nlibcurl contains a stack based buffer overflow vulnerability.\n\nThe function creating an outgoing NTLM type-3 header\n(lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates\nthe request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting\noverflowed is implemented wrongly (using unsigned math) and as such it\ndoes not prevent the overflow from happening.\n\nThis output data can grow larger than the local buffer if very large\n'nt response' data is extracted from a previous NTLMv2 header provided\nby the malicious or broken HTTP server.\n\nSuch a 'large value' needs to be around 1000 bytes or more. The actual\npayload data copied to the target buffer comes from the NTLMv2 type-2\nresponse header.\n\nCVE-2019-3823: SMTP end-of-response out-of-bounds read\n\nlibcurl contains a heap out-of-bounds read in the code handling the\nend-of-response for SMTP.\n\nIf the buffer passed to smtp_endofresp() isn't NUL terminated and\ncontains no character ending the parsed number, and len is set to 5,\nthen the strtol() call reads beyond the allocated buffer. The read\ncontents will not be returned to the caller.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/security.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-16890.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2019-3822.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2019-3823.html\"\n );\n # https://vuxml.freebsd.org/freebsd/714b033a-2b09-11e9-8bc3-610fd6e6cd05.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?340e0493\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl<7.64.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:17:34", "description": "It was discovered that there were three vulnerabilities in the curl command-line HTTP (etc.) client :\n\n - CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in the handling of NTLM type-2 messages.\n\n - CVE-2019-3822: Stack-based buffer overflow in the handling of outgoing NTLM type-3 headers.\n\n - CVE-2019-3823: Heap out-of-bounds read in code handling the end of a response in the SMTP protocol.\n\nFor Debian 8 'Jessie', this issue has been fixed in curl version 7.38.0-4+deb8u14.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "Debian DLA-1672-1 : curl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:libcurl4-doc", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1672.NASL", "href": "https://www.tenable.com/plugins/nessus/122099", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1672-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122099);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_name(english:\"Debian DLA-1672-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were three vulnerabilities in the curl\ncommand-line HTTP (etc.) client :\n\n - CVE-2018-16890: A heap buffer out-of-bounds read\n vulnerability in the handling of NTLM type-2 messages.\n\n - CVE-2019-3822: Stack-based buffer overflow in the\n handling of outgoing NTLM type-3 headers.\n\n - CVE-2019-3823: Heap out-of-bounds read in code handling\n the end of a response in the SMTP protocol.\n\nFor Debian 8 'Jessie', this issue has been fixed in curl version\n7.38.0-4+deb8u14.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/curl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-nss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"curl\", reference:\"7.38.0-4+deb8u14\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3\", reference:\"7.38.0-4+deb8u14\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-dbg\", reference:\"7.38.0-4+deb8u14\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-gnutls\", reference:\"7.38.0-4+deb8u14\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-nss\", reference:\"7.38.0-4+deb8u14\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-doc\", reference:\"7.38.0-4+deb8u14\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.38.0-4+deb8u14\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.38.0-4+deb8u14\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.38.0-4+deb8u14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-06-16T16:15:34", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).\n\nCVE-2019-3822: Fixed a stack-based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).\n\nCVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0249-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0249-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121635", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0249-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121635);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0249-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-3823: Fixed a heap out-of-bounds read in the code handling\nthe end-of-response for SMTP (bsc#1123378).\n\nCVE-2019-3822: Fixed a stack-based buffer overflow in the function\ncreating an outgoing NTLM type-3 message (bsc#1123377).\n\nCVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function\nhandling incoming NTLM type-2 messages (bsc#1123371).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16890/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3822/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3823/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190249-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed9c0595\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-249=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-249=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-249=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-249=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-249=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-249=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-249=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-249=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-249=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-249=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-249=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T16:09:46", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-333-03)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-333-03.NASL", "href": "https://www.tenable.com/plugins/nessus/104860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-333-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104860);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2017-8818\");\n script_xref(name:\"SSA\", value:\"2017-333-03\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-333-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.440895\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3684041\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.57.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.57.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.57.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.57.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.57.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.57.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.57.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.57.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T16:09:13", "description": "The cURL project reports :\n\n- NTLM buffer overflow via integer overflow (CVE-2017-8816)libcurl contains a buffer overrun flaw in the NTLM authentication code. The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up the lengths of the user name + password (= SUM) and multiplies the sum by two (= SIZE) to figure out how large storage to allocate from the heap.\n\n- FTP wildcard out of bounds read (CVE-2017-8817) libcurl contains a read out of bounds flaw in the FTP wildcard function. libcurl's FTP wildcard matching feature, which is enabled with the CURLOPT_WILDCARDMATCH option can use a built-in wildcard function or a user provided one. The built-in wildcard function has a flaw that makes it not detect the end of the pattern string if it ends with an open bracket ([) but instead it will continue reading the heap beyond the end of the URL buffer that holds the wildcard.\n\n- SSL out of buffer access (CVE-2017-8818) libcurl contains an out boundary access flaw in SSL related code. When allocating memory for a connection (the internal struct called connectdata), a certain amount of memory is allocated at the end of the struct to be used for SSL related structs. Those structs are used by the particular SSL library libcurl is built to use. The application can also tell libcurl which specific SSL library to use if it was built to support more than one.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "FreeBSD : cURL -- Multiple vulnerabilities (301a01b7-d50e-11e7-ac58-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "p-cpe:/a:freebsd:freebsd:linux-c7-curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_301A01B7D50E11E7AC58B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/104863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104863);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2017-8818\");\n\n script_name(english:\"FreeBSD : cURL -- Multiple vulnerabilities (301a01b7-d50e-11e7-ac58-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cURL project reports :\n\n- NTLM buffer overflow via integer overflow (CVE-2017-8816)libcurl\ncontains a buffer overrun flaw in the NTLM authentication code. The\ninternal function Curl_ntlm_core_mk_ntlmv2_hash sums up the lengths of\nthe user name + password (= SUM) and multiplies the sum by two (=\nSIZE) to figure out how large storage to allocate from the heap.\n\n- FTP wildcard out of bounds read (CVE-2017-8817) libcurl contains a\nread out of bounds flaw in the FTP wildcard function. libcurl's FTP\nwildcard matching feature, which is enabled with the\nCURLOPT_WILDCARDMATCH option can use a built-in wildcard function or a\nuser provided one. The built-in wildcard function has a flaw that\nmakes it not detect the end of the pattern string if it ends with an\nopen bracket ([) but instead it will continue reading the heap beyond\nthe end of the URL buffer that holds the wildcard.\n\n- SSL out of buffer access (CVE-2017-8818) libcurl contains an out\nboundary access flaw in SSL related code. When allocating memory for a\nconnection (the internal struct called connectdata), a certain amount\nof memory is allocated at the end of the struct to be used for SSL\nrelated structs. Those structs are used by the particular SSL library\nlibcurl is built to use. The application can also tell libcurl which\nspecific SSL library to use if it was built to support more than one.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/changes.html\"\n );\n # https://vuxml.freebsd.org/freebsd/301a01b7-d50e-11e7-ac58-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b74b79e5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c7-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl>=7.21.0<7.57.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c7-curl>=7.21.0<7.29.0_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:59:21", "description": "curl security problems :\n\nCVE-2018-16839: SASL password overflow via integer overflow\n\nlibcurl contains a buffer overrun in the SASL authentication code.\n\nThe internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then calculates a buffer size to allocate.\n\nOn systems with a 32 bit size_t, the math to calculate the buffer size triggers an integer overflow when the user name length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow.\n\nThis bug is very similar to CVE-2017-14618.\n\nIt affects curl 7.33.0 to 7.61.1.\n\nCVE-2018-16840: use-after-free in handle close\n\nlibcurl contains a heap use-after-free flaw in code related to closing an easy handle.\n\nWhen closing and cleaning up an 'easy' handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.\n\nIt affects curl 7.59.0 to 7.61.1.\n\nCVE-2018-16842: warning message out-of-buffer read\n\ncurl contains a heap out of buffer read vulnerability.\n\nThe command line tool has a generic function for displaying warning and informational messages to stderr for various situations. For example if an unknown command line argument is used, or passed to it in a 'config' file.\n\nThis display function formats the output to wrap at 80 columns. The wrap logic is however flawed, so if a single word in the message is itself longer than 80 bytes the buffer arithmetic calculates the remainder wrong and will end up reading behind the end of the buffer.\nThis could lead to information disclosure or crash.\n\nThis vulnerability could lead to a security issue if used in this or similar situations :\n\n1. a server somewhere uses the curl command line to run something\n\n2. if it fails, it shows stderr to the user\n\n3. the server takes user input for parts of its command line input\n\n4. user provides something overly long that triggers this crash\n\n5. the stderr output may now contain user memory contents that wasn't meant to be available\n\nIt affects curl 7.14.1 to 7.61.1.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "FreeBSD : curl -- multiple vulnerabilities (e0ab1773-07c1-46c6-9170-4c5e81c00927)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14618", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E0AB177307C146C691704C5E81C00927.NASL", "href": "https://www.tenable.com/plugins/nessus/118707", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118707);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"FreeBSD : curl -- multiple vulnerabilities (e0ab1773-07c1-46c6-9170-4c5e81c00927)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"curl security problems :\n\nCVE-2018-16839: SASL password overflow via integer overflow\n\nlibcurl contains a buffer overrun in the SASL authentication code.\n\nThe internal function Curl_auth_create_plain_message fails to\ncorrectly verify that the passed in lengths for name and password\naren't too long, then calculates a buffer size to allocate.\n\nOn systems with a 32 bit size_t, the math to calculate the buffer size\ntriggers an integer overflow when the user name length exceeds 2GB\n(2^31 bytes). This integer overflow usually causes a very small buffer\nto actually get allocated instead of the intended very huge one,\nmaking the use of that buffer end up in a heap buffer overflow.\n\nThis bug is very similar to CVE-2017-14618.\n\nIt affects curl 7.33.0 to 7.61.1.\n\nCVE-2018-16840: use-after-free in handle close\n\nlibcurl contains a heap use-after-free flaw in code related to closing\nan easy handle.\n\nWhen closing and cleaning up an 'easy' handle in the Curl_close()\nfunction, the library code first frees a struct (without nulling the\npointer) and might then subsequently erroneously write to a struct\nfield within that already freed struct.\n\nIt affects curl 7.59.0 to 7.61.1.\n\nCVE-2018-16842: warning message out-of-buffer read\n\ncurl contains a heap out of buffer read vulnerability.\n\nThe command line tool has a generic function for displaying warning\nand informational messages to stderr for various situations. For\nexample if an unknown command line argument is used, or passed to it\nin a 'config' file.\n\nThis display function formats the output to wrap at 80 columns. The\nwrap logic is however flawed, so if a single word in the message is\nitself longer than 80 bytes the buffer arithmetic calculates the\nremainder wrong and will end up reading behind the end of the buffer.\nThis could lead to information disclosure or crash.\n\nThis vulnerability could lead to a security issue if used in this or\nsimilar situations :\n\n1. a server somewhere uses the curl command line to run something\n\n2. if it fails, it shows stderr to the user\n\n3. the server takes user input for parts of its command line input\n\n4. user provides something overly long that triggers this crash\n\n5. the stderr output may now contain user memory contents that wasn't\nmeant to be available\n\nIt affects curl 7.14.1 to 7.61.1.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/security.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-16839.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-16840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2018-16842.html\"\n );\n # https://vuxml.freebsd.org/freebsd/e0ab1773-07c1-46c6-9170-4c5e81c00927.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79d7317b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16840\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl>=7.14.1<7.60.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-24T15:51:55", "description": "An update of the curl package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2019-1.0-0203", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0203_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/122015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0203. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122015);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2019-1.0-0203\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-203.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.59.0-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.59.0-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.59.0-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.59.0-4.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:23", "description": "This update for curl fixes the following issues :\n\nCVE-2018-16840: A use after free in closing SASL handles was fixed (bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:3608-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-04-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3608-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118729", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3608-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118729);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/29\");\n\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:3608-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nCVE-2018-16840: A use after free in closing SASL handles was fixed\n(bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\ncould lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16842/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183608-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00bf325c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2563=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2563=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2563=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2563=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:23", "description": "This update for curl fixes the following issues :\n\nCVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-09T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : curl (SUSE-SU-2018:3681-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-3681-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3681-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118854);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"SUSE SLES11 Security Update : curl (SUSE-SU-2018:3681-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nCVE-2018-16840: A use-after-free in SASL handle close was fixed\n(bsc#1112758)\n\nCVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\ncould lead to crashes (bsc#1113660)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16840/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16842/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183681-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f709d14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-curl-13861=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-curl-13861=1\n\nSUSE Linux Enterprise Server 11-SECURITY:zypper in -t patch\nsecsp3-curl-13861=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-curl-13861=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-70.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libcurl4-32bit-7.37.0-70.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"curl-7.37.0-70.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcurl4-7.37.0-70.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:22", "description": "This update for curl fixes the following issues :\n\n - CVE-2018-16840: A use after free in closing SASL handles was fixed (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2018-1383)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1383.NASL", "href": "https://www.tenable.com/plugins/nessus/118879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1383.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118879);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-1383)\");\n script_summary(english:\"Check for the openSUSE-2018-1383 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2018-16840: A use after free in closing SASL handles\n was fixed (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was\n fixed which could lead to crashes (bsc#1113660)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113660\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-42.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-12T15:20:29", "description": "Two vulnerabilities were discovered in cURL, an URL transfer library.\n\n - CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated instead of the intended very huge one, which would trigger a heap buffer overflow when the buffer is used.\n\n - CVE-2018-16842 Brian Carpenter discovered that the logic in the curl tool to wrap error messages at 80 columns is flawed, leading to a read buffer overflow if a single word in the message is itself longer than 80 bytes.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Debian DSA-4331-1 : curl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16842"], "modified": "2021-04-29T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:curl:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-4331.NASL", "href": "https://www.tenable.com/plugins/nessus/118720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4331. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118720);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/29\");\n\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16842\");\n script_xref(name:\"DSA\", value:\"4331\");\n\n script_name(english:\"Debian DSA-4331-1 : curl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Two vulnerabilities were discovered in cURL, an URL transfer library.\n\n - CVE-2018-16839\n Harry Sintonen discovered that, on systems with a 32 bit\n size_t, an integer overflow would be triggered when a\n SASL user name longer than 2GB is used. This would in\n turn cause a very small buffer to be allocated instead\n of the intended very huge one, which would trigger a\n heap buffer overflow when the buffer is used.\n\n - CVE-2018-16842\n Brian Carpenter discovered that the logic in the curl\n tool to wrap error messages at 80 columns is flawed,\n leading to a read buffer overflow if a single word in\n the message is itself longer than 80 bytes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4331\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the curl packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"curl\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-dbg\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-gnutls\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-nss\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-doc\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.52.1-5+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.52.1-5+deb9u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:34:55", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876)\n\n - CVE-2017-1000257: IMAP FETCH response out of bounds read (bsc#1063824)\n\nBugs fixed :\n\n - Fixed error 'error:1408F10B:SSL routines' when connecting to ftps via proxy (bsc#1060653)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2017-1200)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1200.NASL", "href": "https://www.tenable.com/plugins/nessus/104236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1200.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104236);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000254\", \"CVE-2017-1000257\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2017-1200)\");\n script_summary(english:\"Check for the openSUSE-2017-1200 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds\n read (bsc#1061876)\n\n - CVE-2017-1000257: IMAP FETCH response out of bounds read\n (bsc#1063824)\n\nBugs fixed :\n\n - Fixed error 'error:1408F10B:SSL routines' when\n connecting to ftps via proxy (bsc#1060653)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063824\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debuginfo-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debugsource-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl-devel-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-debuginfo-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:13", "description": "This update for curl fixes the following issues: Security issues fixed :\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876)\n\n - CVE-2017-1000257: IMAP FETCH response out of bounds read (bsc#1063824) Bugs fixed :\n\n - Fixed error 'error:1408F10B:SSL routines' when connecting to ftps via proxy (bsc#1060653)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-10-24T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2831-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2831-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2831-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104117);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000254\", \"CVE-2017-1000257\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2831-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues: Security issues \nfixed :\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds\n read (bsc#1061876)\n\n - CVE-2017-1000257: IMAP FETCH response out of bounds read\n (bsc#1063824) Bugs fixed :\n\n - Fixed error 'error:1408F10B:SSL routines' when\n connecting to ftps via proxy (bsc#1060653)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000254/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000257/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172831-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab1d52b2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1758=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1758=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1758=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1758=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1758=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1758=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1758=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-1758=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1758=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debugsource-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-06-16T15:24:26", "description": "An update of the curl package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-28T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2019-1.0-0209", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3822", "CVE-2019-3823"], "modified": "2020-01-29T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0209_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/133296", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0209. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133296);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/29\");\n\n script_cve_id(\"CVE-2019-3822\", \"CVE-2019-3823\");\n script_bugtraq_id(106950);\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2019-1.0-0209\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-209.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3822\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"curl-7.59\", release:\"PhotonOS-1.0\") && rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"curl-7.59.0-6.ph1\")) flag++;\nif (rpm_exists(rpm:\"curl-7.59\", release:\"PhotonOS-1.0\") && rpm_check(release:\"PhotonOS-1.0\", cpu:\"src\", reference:\"curl-7.59.0-6.ph1.src\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.59.0-6.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:26:28", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226).\n\n - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2018-56)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-56.NASL", "href": "https://www.tenable.com/plugins/nessus/106219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-56.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106219);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-56)\");\n script_summary(english:\"Check for the openSUSE-2018-56 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-8816: Buffer overrun flaw in the NTLM\n authentication code (bsc#1069226).\n\n - CVE-2017-8817: Read out of bounds flaw in the FTP\n wildcard function (bsc#1069222).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1069222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1069226\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debuginfo-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debugsource-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl-devel-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-debuginfo-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-11T18:54:16", "description": "Two vulnerabilities were discovered in cURL, an URL transfer library.\n\n - CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation.\n\n - CVE-2017-8817 Fuzzing by the OSS-Fuzz project led to the discovery of a read out of bounds flaw in the FTP wildcard function in libcurl. A malicious server could redirect a libcurl-based client to an URL using a wildcard pattern, triggering the out-of-bound read.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "Debian DSA-4051-1 : curl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:curl:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-4051.NASL", "href": "https://www.tenable.com/plugins/nessus/104861", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4051. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104861);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_xref(name:\"DSA\", value:\"4051\");\n\n script_name(english:\"Debian DSA-4051-1 : curl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were discovered in cURL, an URL transfer library.\n\n - CVE-2017-8816\n Alex Nichols discovered a buffer overrun flaw in the\n NTLM authentication code which can be triggered on 32bit\n systems where an integer overflow might occur when\n calculating the size of a memory allocation.\n\n - CVE-2017-8817\n Fuzzing by the OSS-Fuzz project led to the discovery of\n a read out of bounds flaw in the FTP wildcard function\n in libcurl. A malicious server could redirect a\n libcurl-based client to an URL using a wildcard pattern,\n triggering the out-of-bound read.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-8817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4051\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u8.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"curl\", reference:\"7.38.0-4+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3\", reference:\"7.38.0-4+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-dbg\", reference:\"7.38.0-4+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-gnutls\", reference:\"7.38.0-4+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-nss\", reference:\"7.38.0-4+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-doc\", reference:\"7.38.0-4+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.38.0-4+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.38.0-4+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.38.0-4+deb8u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"curl\", reference:\"7.52.1-5+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3\", reference:\"7.52.1-5+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-dbg\", reference:\"7.52.1-5+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-gnutls\", reference:\"7.52.1-5+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-nss\", reference:\"7.52.1-5+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-doc\", reference:\"7.52.1-5+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.52.1-5+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.52.1-5+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.52.1-5+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T16:14:10", "description": "- fix NTLM buffer overflow via integer overflow (CVE-2017-8816)\n\n - fix FTP wildcard out of bounds read (CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-11T00:00:00", "type": "nessus", "title": "Fedora 26 : curl (2017-0c062324cd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-0C062324CD.NASL", "href": "https://www.tenable.com/plugins/nessus/105124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-0c062324cd.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105124);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_xref(name:\"FEDORA\", value:\"2017-0c062324cd\");\n\n script_name(english:\"Fedora 26 : curl (2017-0c062324cd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix NTLM buffer overflow via integer overflow\n (CVE-2017-8816)\n\n - fix FTP wildcard out of bounds read (CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-0c062324cd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"curl-7.53.1-13.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:20:59", "description": "This update for curl fixes the following issues: Security issues fixed :\n\n - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226).\n\n - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0122-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0122-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106132", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0122-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106132);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0122-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues: Security issues \nfixed :\n\n - CVE-2017-8816: Buffer overrun flaw in the NTLM\n authentication code (bsc#1069226).\n\n - CVE-2017-8817: Read out of bounds flaw in the FTP\n wildcard function (bsc#1069222).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8817/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180122-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a96268c2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-88=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-88=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-88=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-88=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-88=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-88=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-88=1\n\nSUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-88=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-88=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debuginfo-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debugsource-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-32bit-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.11.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.11.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:26:56", "description": "- fix NTLM buffer overflow via integer overflow (CVE-2017-8816)\n\n - fix FTP wildcard out of bounds read (CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : curl (2017-45bdf4dace)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-45BDF4DACE.NASL", "href": "https://www.tenable.com/plugins/nessus/105863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-45bdf4dace.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105863);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_xref(name:\"FEDORA\", value:\"2017-45bdf4dace\");\n\n script_name(english:\"Fedora 27 : curl (2017-45bdf4dace)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix NTLM buffer overflow via integer overflow\n (CVE-2017-8816)\n\n - fix FTP wildcard out of bounds read (CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-45bdf4dace\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"curl-7.55.1-8.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:22:45", "description": "The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. (CVE-2017-8816)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. (CVE-2017-8817)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : curl (ALAS-2018-938)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-938.NASL", "href": "https://www.tenable.com/plugins/nessus/105516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-938.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105516);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_xref(name:\"ALAS\", value:\"2018-938\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2018-938)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The NTLM authentication feature in curl and libcurl before 7.57.0 on\n32-bit platforms allows attackers to cause a denial of service\n(integer overflow and resultant buffer overflow, and application\ncrash) or possibly have unspecified other impact via vectors involving\nlong user and password fields. (CVE-2017-8816)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows\nremote attackers to cause a denial of service (out-of-bounds read and\napplication crash) or possibly have unspecified other impact via a\nstring that ends with an '[' character. (CVE-2017-8817)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-938.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.53.1-13.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.53.1-13.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.53.1-13.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.53.1-13.80.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T16:09:33", "description": "Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816)\n\nIt was discovered that curl incorrectly handled FTP wildcard matching.\nA remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2017-8817).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : curl vulnerabilities (USN-3498-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3498-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104881", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3498-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104881);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_xref(name:\"USN\", value:\"3498-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : curl vulnerabilities (USN-3498-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alex Nichols discovered that curl incorrectly handled NTLM\nauthentication credentials. A remote attacker could use this issue to\ncause curl to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 16.04 LTS,\nUbuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816)\n\nIt was discovered that curl incorrectly handled FTP wildcard matching.\nA remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly obtain sensitive\ninformation. (CVE-2017-8817).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3498-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.13\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.47.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"curl\", pkgver:\"7.52.1-4ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3\", pkgver:\"7.52.1-4ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.52.1-4ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.52.1-4ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"curl\", pkgver:\"7.55.1-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3\", pkgver:\"7.55.1-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.55.1-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.55.1-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-01T17:20:57", "description": "An update of the curl package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Curl PHSA-2018-2.0-0016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000007"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0016_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/121916", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0016. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121916);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2018-1000007\");\n\n script_name(english:\"Photon OS 2.0: Curl PHSA-2018-2.0-0016\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-16.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8817\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.58.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.58.0-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-01T17:20:56", "description": "An update of the curl package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2018-1.0-0108", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000007"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0108_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/121808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0108. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121808);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2018-1000007\");\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2018-1.0-0108\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-108.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8817\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.58.0-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.58.0-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.58.0-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.58.0-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.58.0-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.58.0-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:21:56", "description": "According to the version of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : wget (EulerOS-SA-2019-1663)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:wget", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1663.NASL", "href": "https://www.tenable.com/plugins/nessus/126290", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126290);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-20483\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : wget (EulerOS-SA-2019-1663)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the wget package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - set_file_metadata in xattr.c in GNU Wget before 1.20.1\n stores a file's origin URL in the user.xdg.origin.url\n metadata attribute of the extended attributes of the\n downloaded file, which allows local users to obtain\n sensitive information (e.g., credentials contained in\n the URL) by reading this attribute, as demonstrated by\n getfattr. This also applies to Referer information in\n the user.xdg.referrer.url metadata attribute. According\n to 2016-07-22 in the Wget ChangeLog,\n user.xdg.origin.url was partially based on the behavior\n of fwrite_xattr in tool_xattr.c in\n curl.(CVE-2018-20483)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1663\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8dc3d567\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"wget-1.19.5-5.h3.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:27:37", "description": "Gynvael Coldwind reports :\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-15T00:00:00", "type": "nessus", "title": "FreeBSD : wget -- security flaw in caching credentials passed as a part of the URL (a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:wget", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A737EB115CFC11E9AB878CEC4BF8FCFB.NASL", "href": "https://www.tenable.com/plugins/nessus/124047", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124047);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2018-20483\");\n\n script_name(english:\"FreeBSD : wget -- security flaw in caching credentials passed as a part of the URL (a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gynvael Coldwind reports :\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's\norigin URL in the user.xdg.origin.url metadata attribute of the\nextended attributes of the downloaded file, which allows local users\nto obtain sensitive information (e.g., credentials contained in the\nURL) by reading this attribute, as demonstrated by getfattr. This also\napplies to Referer information in the user.xdg.referrer.url metadata\nattribute.\"\n );\n # https://vuxml.freebsd.org/freebsd/a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d74c633\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wget>=1.19<1.20.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T13:07:13", "description": "The remote host is affected by the vulnerability described in GLSA-201903-08 (GNU Wget: Password and metadata leak)\n\n A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c.\n Impact :\n\n A local attacker could obtain sensitive information to include credentials.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-11T00:00:00", "type": "nessus", "title": "GLSA-201903-08 : GNU Wget: Password and metadata leak", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2020-02-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:wget", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201903-08.NASL", "href": "https://www.tenable.com/plugins/nessus/122736", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201903-08.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122736);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/05\");\n\n script_cve_id(\"CVE-2018-20483\");\n script_xref(name:\"GLSA\", value:\"201903-08\");\n\n script_name(english:\"GLSA-201903-08 : GNU Wget: Password and metadata leak\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201903-08\n(GNU Wget: Password and metadata leak)\n\n A vulnerability was discovered in GNU Wget’s file_metadata in xattr.c.\n \nImpact :\n\n A local attacker could obtain sensitive information to include\n credentials.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201903-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GNU Wget users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/wget-1.20.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/wget\", unaffected:make_list(\"ge 1.20.1\"), vulnerable:make_list(\"lt 1.20.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU Wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:29:24", "description": "This update for wget fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : wget (SUSE-SU-2019:0093-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:wget", "p-cpe:/a:novell:suse_linux:wget-debuginfo", "p-cpe:/a:novell:suse_linux:wget-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0093-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0093-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121207);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-20483\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : wget (SUSE-SU-2019:0093-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wget fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-20483: Fixed an information disclosure through file metadata\n(bsc#1120382)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20483/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190093-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32ef94df\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-93=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"wget-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"wget-debuginfo-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"wget-debugsource-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"wget-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"wget-debuginfo-1.19.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"wget-debugsource-1.19.5-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:29:08", "description": "This update for wget fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-20483: Fixed an information disclosure through file metadata (bsc#1120382)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : wget (openSUSE-2019-57)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wget", "p-cpe:/a:novell:opensuse:wget-debuginfo", "p-cpe:/a:novell:opensuse:wget-debugsource", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-57.NASL", "href": "https://www.tenable.com/plugins/nessus/121284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-57.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121284);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-20483\");\n\n script_name(english:\"openSUSE Security Update : wget (openSUSE-2019-57)\");\n script_summary(english:\"Check for the openSUSE-2019-57 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wget fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-20483: Fixed an information disclosure through\n file metadata (bsc#1120382)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120382\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wget-1.19.5-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wget-debuginfo-1.19.5-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"wget-debugsource-1.19.5-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget / wget-debuginfo / wget-debugsource\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T00:46:20", "description": "- xattr: strip credentials from any URL that is stored (CVE-2018-20483)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-24T00:00:00", "type": "nessus", "title": "Fedora 29 : curl (2019-427a0ba9e3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-427A0BA9E3.NASL", "href": "https://www.tenable.com/plugins/nessus/121333", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-427a0ba9e3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121333);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-20483\");\n script_xref(name:\"FEDORA\", value:\"2019-427a0ba9e3\");\n\n script_name(english:\"Fedora 29 : curl (2019-427a0ba9e3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - xattr: strip credentials from any URL that is stored\n (CVE-2018-20483)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-427a0ba9e3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"curl-7.61.1-7.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T13:09:39", "description": "Update to upstream release 1.20.1 to fix CVE-2018-20483.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-07T00:00:00", "type": "nessus", "title": "Fedora 29 : wget (2019-088875c43a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2020-02-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-088875C43A.NASL", "href": "https://www.tenable.com/plugins/nessus/120965", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-088875c43a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120965);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/26\");\n\n script_cve_id(\"CVE-2018-20483\");\n script_xref(name:\"FEDORA\", value:\"2019-088875c43a\");\n\n script_name(english:\"Fedora 29 : wget (2019-088875c43a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream release 1.20.1 to fix CVE-2018-20483.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-088875c43a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"wget-1.20.1-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T00:45:22", "description": "Update to upstream release 1.20.1 to fix CVE-2018-20483.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-11T00:00:00", "type": "nessus", "title": "Fedora 28 : wget (2019-d1b5cf0055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2020-02-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:wget", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-D1B5CF0055.NASL", "href": "https://www.tenable.com/plugins/nessus/121086", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d1b5cf0055.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121086);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/26\");\n\n script_cve_id(\"CVE-2018-20483\");\n script_xref(name:\"FEDORA\", value:\"2019-d1b5cf0055\");\n\n script_name(english:\"Fedora 28 : wget (2019-d1b5cf0055)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream release 1.20.1 to fix CVE-2018-20483.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d1b5cf0055\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected wget package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"wget-1.20.1-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wget\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:27:27", "description": "This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2019-1311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/124580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1311.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124580);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16839\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2019-1311)\");\n script_summary(english:\"Check for the openSUSE-2019-1311 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-16839: Fixed a buffer overflow in the SASL\n authentication code (bsc#1112758).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131886\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-48.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:30", "description": "This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-24T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0996-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0996-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124269", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0996-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124269);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-16839\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2019:0996-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-16839: Fixed a buffer overflow in the SASL authentication\ncode (bsc#1112758).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16839/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190996-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e671724a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-996=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-996=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-996=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-996=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-996=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-996=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-996=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-996=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-996=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-996=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-996=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-996=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:43:35", "description": "An update of the curl package has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2017-1.0-0095", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8818"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-1_0-0095_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/121784", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-1.0-0095. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121784);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-8818\");\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2017-1.0-0095\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-95.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8818\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.56.1-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.56.1-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:19:54", "description": "An update of the curl package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Curl PHSA-2019-2.0-0171", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16890"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0171_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/128714", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0171. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128714);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\"CVE-2018-16890\");\n script_bugtraq_id(106947);\n\n script_name(english:\"Photon OS 2.0: Curl PHSA-2019-2.0-0171\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-171.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16890\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.59.0-8.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.59.0-8.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.59.0-8.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.59.0-8.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-25T17:23:59", "description": "An update of the curl package has been released.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Curl PHSA-2017-0050", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2017-0050_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/121768", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0050. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121768);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2017-1000257\");\n\n script_name(english:\"Photon OS 2.0: Curl PHSA-2017-0050\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-4.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000257\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.54.1-4.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.54.1-4.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.54.1-4.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.54.1-4.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-11T18:52:15", "description": "Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "Debian DSA-4007-1 : curl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:curl:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-4007.NASL", "href": "https://www.tenable.com/plugins/nessus/104222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4007. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104222);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000257\");\n script_xref(name:\"DSA\", value:\"4007\");\n\n script_name(english:\"Debian DSA-4007-1 : curl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an\nURL transfer library, incorrectly parsed an IMAP FETCH response with\nsize 0, leading to an out-of-bounds read.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4007\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 7.38.0-4+deb8u7.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52.1-5+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"curl\", reference:\"7.38.0-4+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3\", reference:\"7.38.0-4+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-dbg\", reference:\"7.38.0-4+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-gnutls\", reference:\"7.38.0-4+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-nss\", reference:\"7.38.0-4+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-doc\", reference:\"7.38.0-4+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.38.0-4+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.38.0-4+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.38.0-4+deb8u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"curl\", reference:\"7.52.1-5+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3\", reference:\"7.52.1-5+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-dbg\", reference:\"7.52.1-5+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-gnutls\", reference:\"7.52.1-5+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-nss\", reference:\"7.52.1-5+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-doc\", reference:\"7.52.1-5+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.52.1-5+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.52.1-5+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.52.1-5+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:07", "description": "Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-10-24T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : curl vulnerability (USN-3457-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3457-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3457-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104118);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000257\");\n script_xref(name:\"USN\", value:\"3457-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : curl vulnerability (USN-3457-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brian Carpenter discovered that curl incorrectly handled IMAP FETCH\nresponse lines. A remote attacker could use this issue to cause curl\nto crash, resulting in a denial of service, or possibly execute\narbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3457-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.47.0-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"curl\", pkgver:\"7.52.1-4ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3\", pkgver:\"7.52.1-4ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.52.1-4ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.52.1-4ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"curl\", pkgver:\"7.55.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3\", pkgver:\"7.55.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.55.1-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.55.1-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:01", "description": "The cURL project reports :\n\nlibcurl contains a buffer overrun flaw in the IMAP handler. An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-10-24T00:00:00", "type": "nessus", "title": "FreeBSD : cURL -- out of bounds read (143ec3d6-b7cf-11e7-ac58-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_143EC3D6B7CF11E7AC58B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/104113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104113);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000257\");\n\n script_name(english:\"FreeBSD : cURL -- out of bounds read (143ec3d6-b7cf-11e7-ac58-b499baebfeaf)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cURL project reports :\n\nlibcurl contains a buffer overrun flaw in the IMAP handler. An IMAP\nFETCH response line indicates the size of the returned data, in number\nof bytes. When that response says the data is zero bytes, libcurl\nwould pass on that (non-existing) data with a pointer and the size\n(zero) to the deliver-data function. libcurl's deliver-data function\ntreats zero as a magic number and invokes strlen() on the data to\nfigure out the length. The strlen() is called on a heap based buffer\nthat might not be zero terminated so libcurl might read beyond the end\nof it into whatever memory lies after (or just crash) and then deliver\nthat to the application as if it was actually downloaded.\"\n );\n # https://curl.haxx.se/docs/adv_20171023.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2017-1000257.html\"\n );\n # https://vuxml.freebsd.org/freebsd/143ec3d6-b7cf-11e7-ac58-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dabf9985\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl>=7.20<7.56.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:04", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-10-24T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-297-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-297-01.NASL", "href": "https://www.tenable.com/plugins/nessus/104105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-297-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104105);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000257\");\n script_xref(name:\"SSA\", value:\"2017-297-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-297-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.421440\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?744bf7ef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.56.1\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.56.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.56.1\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.56.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.56.1\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.56.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.56.1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.56.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:55", "description": "- fix buffer overflow while processing IMAP FETCH response (CVE-2017-1000257)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Fedora 26 : curl (2017-ebf32659bf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-EBF32659BF.NASL", "href": "https://www.tenable.com/plugins/nessus/104316", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ebf32659bf.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104316);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000257\");\n script_xref(name:\"FEDORA\", value:\"2017-ebf32659bf\");\n\n script_name(english:\"Fedora 26 : curl (2017-ebf32659bf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix buffer overflow while processing IMAP FETCH response\n (CVE-2017-1000257)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebf32659bf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"curl-7.53.1-12.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:24", "description": "From Red Hat Security Advisory 2017:3263 :\n\nAn update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the original reporters.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-11-28T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : curl (ELSA-2017-3263)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:curl", "p-cpe:/a:oracle:linux:libcurl", "p-cpe:/a:oracle:linux:libcurl-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-3263.NASL", "href": "https://www.tenable.com/plugins/nessus/104799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:3263 and \n# Oracle Linux Security Advisory ELSA-2017-3263 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104799);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000257\");\n script_xref(name:\"RHSA\", value:\"2017:3263\");\n\n script_name(english:\"Oracle Linux 7 : curl (ELSA-2017-3263)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:3263 :\n\nAn update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* A buffer overrun flaw was found in the IMAP handler of libcurl. By\ntricking an unsuspecting user into connecting to a malicious IMAP\nserver, an attacker could exploit this flaw to potentially cause\ninformation disclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the\noriginal reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-November/007356.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-42.el7_4.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-42.el7_4.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-42.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:24", "description": "An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the original reporters.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-11-28T00:00:00", "type": "nessus", "title": "RHEL 7 : curl (RHSA-2017:3263)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:curl", "p-cpe:/a:redhat:enterprise_linux:curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libcurl", "p-cpe:/a:redhat:enterprise_linux:libcurl-devel", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-3263.NASL", "href": "https://www.tenable.com/plugins/nessus/104801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3263. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104801);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-1000257\");\n script_xref(name:\"RHSA\", value:\"2017:3263\");\n\n script_name(english:\"RHEL 7 : curl (RHSA-2017:3263)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* A buffer overrun flaw was found in the IMAP handler of libcurl. By\ntricking an unsuspecting user into connecting to a malicious IMAP\nserver, an attacker could exploit this flaw to potentially cause\ninformation disclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the\noriginal reporters.\"\n );\n # https://curl.haxx.se/docs/adv_20171023.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2017-1000257.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-1000257\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3263\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"curl-7.29.0-42.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-42.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"curl-debuginfo-7.29.0-42.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libcurl-7.29.0-42.el7_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libcurl-devel-7.29.0-42.el7_4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:39", "description": "An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the original reporters.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-11-28T00:00:00", "type": "nessus", "title": "CentOS 7 : curl (CESA-2017:3263)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:curl", "p-cpe:/a:centos:centos:libcurl", "p-cpe:/a:centos:centos:libcurl-devel", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-3263.NASL", "href": "https://www.tenable.com/plugins/nessus/104790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3263 and \n# CentOS Errata and Security Advisory 2017:3263 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104790);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000257\");\n script_xref(name:\"RHSA\", value:\"2017:3263\");\n\n script_name(english:\"CentOS 7 : curl (CESA-2017:3263)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* A buffer overrun flaw was found in the IMAP handler of libcurl. By\ntricking an unsuspecting user into connecting to a malicious IMAP\nserver, an attacker could exploit this flaw to potentially cause\ninformation disclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the\noriginal reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-November/022630.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29e0c499\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000257\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"curl-7.29.0-42.el7_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-42.el7_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-42.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:37", "description": "Security Fix(es) :\n\n - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257)", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-11-28T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : curl on SL7.x x86_64 (20171127)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:curl", "p-cpe:/a:fermilab:scientific_linux:curl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libcurl", "p-cpe:/a:fermilab:scientific_linux:libcurl-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171127_CURL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/104803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104803);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000257\");\n\n script_name(english:\"Scientific Linux Security Update : curl on SL7.x x86_64 (20171127)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A buffer overrun flaw was found in the IMAP handler of\n libcurl. By tricking an unsuspecting user into\n connecting to a malicious IMAP server, an attacker could\n exploit this flaw to potentially cause information\n disclosure or crash the application. (CVE-2017-1000257)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1711&L=scientific-linux-errata&F=&S=&P=1942\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35df378b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"curl-7.29.0-42.el7_4.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.29.0-42.el7_4.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libcurl-7.29.0-42.el7_4.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libcurl-devel-7.29.0-42.el7_4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:30", "description": "An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-11-29T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : curl / libcurl / libcurl-devel (VZLSA-2017-3263)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:curl", "p-cpe:/a:virtuozzo:virtuozzo:libcurl", "p-cpe:/a:virtuozzo:virtuozzo:libcurl-devel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-3263.NASL", "href": "https://www.tenable.com/plugins/nessus/104816", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104816);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-1000257\"\n );\n\n script_name(english:\"Virtuozzo 7 : curl / libcurl / libcurl-devel (VZLSA-2017-3263)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for curl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nSecurity Fix(es) :\n\n* A buffer overrun flaw was found in the IMAP handler of libcurl. By\ntricking an unsuspecting user into connecting to a malicious IMAP\nserver, an attacker could exploit this flaw to potentially cause\ninformation disclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the\noriginal reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-3263.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a014405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:3263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl / libcurl / libcurl-devel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-42.vl7.1\",\n \"libcurl-7.29.0-42.vl7.1\",\n \"libcurl-devel-7.29.0-42.vl7.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:30", "description": "According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1312)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1312.NASL", "href": "https://www.tenable.com/plugins/nessus/104930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104930);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000257\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1312)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A buffer overrun flaw was found in the IMAP handler of\n libcurl. By tricking an unsuspecting user into\n connecting to a malicious IMAP server, an attacker\n could exploit this flaw to potentially cause\n information disclosure or crash the\n application.(CVE-2017-1000257)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1312\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af505017\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h14\",\n \"libcurl-7.29.0-35.h14\",\n \"libcurl-devel-7.29.0-35.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:30", "description": "According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2017-1313)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1313.NASL", "href": "https://www.tenable.com/plugins/nessus/104931", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104931);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000257\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2017-1313)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A buffer overrun flaw was found in the IMAP handler of\n libcurl. By tricking an unsuspecting user into\n connecting to a malicious IMAP server, an attacker\n could exploit this flaw to potentially cause\n information disclosure or crash the\n application.(CVE-2017-1000257)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1313\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?501e460c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h14\",\n \"libcurl-7.29.0-35.h14\",\n \"libcurl-devel-7.29.0-35.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:31:02", "description": "According to the version of the curl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : curl (EulerOS-SA-2018-1237)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1237.NASL", "href": "https://www.tenable.com/plugins/nessus/117546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117546);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000257\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : curl (EulerOS-SA-2018-1237)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - A buffer overrun flaw was found in the IMAP handler of\n libcurl. By tricking an unsuspecting user into\n connecting to a malicious IMAP server, an attacker\n could exploit this flaw to potentially cause\n information disclosure or crash the\n application.(CVE-2017-1000257)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1237\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?08eb57a9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-43489941ff", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16840", "CVE-2018-16890", "CVE-2019-3822", "CVE-2018-20483", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875689", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875689\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-3823\", \"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:16:16 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-43489941ff\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-43489941ff\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW4KA7SPW75NPMMSYVK4UCCHU4DAPJ4Y\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-43489941ff advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~8.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-12T20:42:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-10T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-697de0501f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5435", "CVE-2019-3823", "CVE-2018-16840", "CVE-2019-5436", "CVE-2018-16890", "CVE-2019-3822", "CVE-2018-20483", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-06-11T00:00:00", "id": "OPENVAS:1361412562310876475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876475", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876475\");\n script_version(\"2019-06-11T06:16:55+0000\");\n script_cve_id(\"CVE-2019-5436\", \"CVE-2019-5435\", \"CVE-2019-3823\", \"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-11 06:16:55 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-10 02:09:35 +0000 (Mon, 10 Jun 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-697de0501f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-697de0501f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-697de0501f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~11.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-427a0ba9e3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-20483", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875984", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875984", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875984\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:30:30 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-427a0ba9e3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-427a0ba9e3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AMBI4JRD6CXI7BO7EF3SHBEPARNL4ZBQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-427a0ba9e3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~7.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-02T14:39:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-01T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2019-f2a520135e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5435", "CVE-2019-3823", "CVE-2018-16840", "CVE-2019-5436", "CVE-2018-16890", "CVE-2019-5481", "CVE-2019-3822", "CVE-2018-20483", "CVE-2018-16839", "CVE-2019-5482", "CVE-2018-16842"], "modified": "2019-10-01T00:00:00", "id": "OPENVAS:1361412562310876863", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876863", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876863\");\n script_version(\"2019-10-01T10:38:58+0000\");\n script_cve_id(\"CVE-2019-5481\", \"CVE-2019-5482\", \"CVE-2019-5436\", \"CVE-2019-5435\", \"CVE-2019-3823\", \"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-01 10:38:58 +0000 (Tue, 01 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-01 02:25:41 +0000 (Tue, 01 Oct 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2019-f2a520135e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f2a520135e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2019-f2a520135e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~12.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-3805-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3805_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for curl USN-3805-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843802\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 06:05:25 +0100 (Thu, 01 Nov 2018)\");\n script_name(\"Ubuntu Update for curl USN-3805-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3805-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3805-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the USN-3805-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\npresent on the target host.\");\n\n script_tag(name:\"insight\", value:\"Harry Sintonen discovered that curl incorrectly\nhandled SASL authentication. A remote attacker could use this issue to cause curl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2018-16839)\n\nBrian Carpenter discovered that curl incorrectly handled memory when\nclosing certain handles. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2018-16840)\n\nBrian Carpenter discovered that the curl command-line tool incorrectly\nhandled error messages. A remote attacker could possibly use this issue to\nobtain sensitive information. (CVE-2018-16842)\");\n\n script_tag(name:\"affected\", value:\"curl on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.35.0-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.35.0-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.35.0-1ubuntu2.19\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.58.0-2ubuntu3.5\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.58.0-2ubuntu3.5\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.58.0-2ubuntu3.5\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4\", ver:\"7.58.0-2ubuntu3.5\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.61.0-1ubuntu2.2\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.61.0-1ubuntu2.2\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.61.0-1ubuntu2.2\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4\", ver:\"7.61.0-1ubuntu2.2\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.47.0-1ubuntu2.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.47.0-1ubuntu2.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.47.0-1ubuntu2.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2018:3706-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852115", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852115\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-10 05:58:19 +0100 (Sat, 10 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2018:3706-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3706-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00012.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2018:3706-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n - CVE-2018-16839: A SASL password overflow via integer overflow was fixed\n which could lead to crashes (bsc#1112758)\n\n - CVE-2018-16840: A use-after-free in SASL handle close was fixed which\n could lead to crashes (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\n could lead to crashes (bsc#1113660)\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1379=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini\", rpm:\"curl-mini~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debuginfo\", rpm:\"curl-mini-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debugsource\", rpm:\"curl-mini-debugsource~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-mini-devel\", rpm:\"libcurl-mini-devel~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini\", rpm:\"libcurl4-mini~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini-debuginfo\", rpm:\"libcurl4-mini-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit-debuginfo\", rpm:\"libcurl4-32bit-debuginfo~7.60.0~lp150.2.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-7785911c9e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876088", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876088\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:34:09 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for curl FEDORA-2018-7785911c9e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7785911c9e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGIHNGTPVOH6I4BPWISJJYJ57OV6WETQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2018-7785911c9e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.61.1~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:46:28", "description": "Multiple vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-16890\nWenxiang Qian of Tencent Blade Team discovered that the function\nhandling incoming NTLM type-2 messages does not validate incoming\ndata correctly and is subject to an integer overflow vulnerability,\nwhich could lead to an out-of-bounds buffer read.\n\nCVE-2019-3822\nWenxiang Qian of Tencent Blade Team discovered that the function\ncreating an outgoing NTLM type-3 header is subject to an integer\noverflow vulnerability, which could lead to an out-of-bounds write.\n\nCVE-2019-3823\nBrian Carpenter of Geeknik Labs discovered that the code handling\nthe end-of-response for SMTP is subject to an out-of-bounds heap\nread.", "cvss3": {}, "published": "2019-02-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4386-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704386", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704386\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_name(\"Debian Security Advisory DSA 4386-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-02-06 00:00:00 +0100 (Wed, 06 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4386.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/curl\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-16890\nWenxiang Qian of Tencent Blade Team discovered that the function\nhandling incoming NTLM type-2 messages does not validate incoming\ndata correctly and is subject to an integer overflow vulnerability,\nwhich could lead to an out-of-bounds buffer read.\n\nCVE-2019-3822\nWenxiang Qian of Tencent Blade Team discovered that the function\ncreating an outgoing NTLM type-3 header is subject to an integer\noverflow vulnerability, which could lead to an out-of-bounds write.\n\nCVE-2019-3823\nBrian Carpenter of Geeknik Labs discovered that the code handling\nthe end-of-response for SMTP is subject to an out-of-bounds heap\nread.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u9\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:23", "description": "The remote host is missing an update\n for the ", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-3882-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843899", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843899", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843899\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-07 04:03:37 +0100 (Thu, 07 Feb 2019)\");\n script_name(\"Ubuntu Update for curl USN-3882-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3882-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3882-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update\n for the 'curl' package(s) announced via the USN-3882-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\n is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Wenxiang Qian discovered that curl\nincorrectly handled certain NTLM authentication messages. A remote attacker\ncould possibly use this issue to cause curl to crash, resulting in a denial\nof service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,\nand Ubuntu 18.10. (CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. A remote attacker could possibly use this issue to cause curl to\ncrash, resulting in a denial of service. (CVE-2019-3823)\");\n\n script_tag(name:\"affected\", value:\"curl on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.35.0-1ubuntu2.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.35.0-1ubuntu2.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.35.0-1ubuntu2.20\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.58.0-2ubuntu3.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.58.0-2ubuntu3.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.58.0-2ubuntu3.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4\", ver:\"7.58.0-2ubuntu3.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.61.0-1ubuntu2.3\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.61.0-1ubuntu2.3\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.61.0-1ubuntu2.3\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl4\", ver:\"7.61.0-1ubuntu2.3\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.47.0-1ubuntu2.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.47.0-1ubuntu2.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.47.0-1ubuntu2.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:24:43", "description": "It was discovered that there were three vulnerabilities in the curl\ncommand-line HTTP (etc.) client:\n\n * CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in\nthe handling of NTLM type-2 messages.\n\n * CVE-2019-3822: Stack-based buffer overflow in the handling of\noutgoing NTLM type-3 headers.\n\n * CVE-2019-3823: Heap out-of-bounds read in code handling\nthe end of a response in the SMTP protocol.", "cvss3": {}, "published": "2019-02-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for curl (DLA-1672-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891672", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891672", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891672\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_name(\"Debian LTS: Security Advisory for curl (DLA-1672-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-12 00:00:00 +0100 (Tue, 12 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00018.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in curl version\n7.38.0-4+deb8u14.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_tag(name:\"summary\", value:\"It was discovered that there were three vulnerabilities in the curl\ncommand-line HTTP (etc.) client:\n\n * CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in\nthe handling of NTLM type-2 messages.\n\n * CVE-2019-3822: Stack-based buffer overflow in the handling of\noutgoing NTLM type-3 headers.\n\n * CVE-2019-3823: Heap out-of-bounds read in code handling\nthe end of a response in the SMTP protocol.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.38.0-4+deb8u14\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:53:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-02-15T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2019:0173-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852289", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852289\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-15 04:04:38 +0100 (Fri, 15 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2019:0173-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0173-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00022.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2019:0173-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the\n end-of-response for SMTP (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in the function\n creating an outgoing NTLM type-3 message (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function\n handling incoming NTLM type-2 messages (bsc#1123371).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-173=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo-32bit\", rpm:\"libcurl4-debuginfo-32bit~7.37.0~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:53:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-02-15T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2019:0174-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852290", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852290", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852290\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16890\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-15 04:04:47 +0100 (Fri, 15 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2019:0174-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0174-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00023.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2019:0174-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the\n end-of-response for SMTP (bsc#1123378).\n\n - CVE-2019-3822: Fixed a stack based buffer overflow in the function\n creating an outgoing NTLM type-3 message (bsc#1123377).\n\n - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function\n handling incoming NTLM type-2 messages (bsc#1123371).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-174=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini\", rpm:\"curl-mini~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debuginfo\", rpm:\"curl-mini-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-mini-debugsource\", rpm:\"curl-mini-debugsource~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-mini-devel\", rpm:\"libcurl-mini-devel~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini\", rpm:\"libcurl4-mini~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-mini-debuginfo\", rpm:\"libcurl4-mini-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit-debuginfo\", rpm:\"libcurl4-32bit-debuginfo~7.60.0~lp150.2.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T11:52:13", "description": "Oracle MySQL is prone to multiple vulnerabilities in libcurl.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "openvas", "title": "Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.16 Security Update (2019-5072835) - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310142651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142651", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142651\");\n script_version(\"2019-07-24T02:19:13+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 02:19:13 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-24 01:50:04 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2019-3823\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.16 Security Update (2019-5072835) - Windows\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities in libcurl.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.7.26 and prior and 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.7.27, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.27\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T11:52:16", "description": "Oracle MySQL is prone to multiple vulnerabilities in libcurl.", "cvss3": {}, "published": "2019-07-24T00:00:00", "type": "openvas", "title": "Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.16 Security Update (2019-5072835) - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3823", "CVE-2018-16890", "CVE-2019-3822"], "modified": "2019-07-24T00:00:00", "id": "OPENVAS:1361412562310142650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142650", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142650\");\n script_version(\"2019-07-24T02:19:13+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 02:19:13 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-24 01:44:19 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-3822\", \"CVE-2018-16890\", \"CVE-2019-3823\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Oracle MySQL 5.7.x < 5.7.27, 8.0.x < 8.0.16 Security Update (2019-5072835) - Linux\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Oracle MySQL is prone to multiple vulnerabilities in libcurl.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"MySQL 5.7.26 and prior and 8.0.15 and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.7.27, 8.0.16 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"5.7\", test_version2: \"5.7.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"5.7.27\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.0\", test_version2: \"8.0.15\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.0.16\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:40:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-10T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for curl (openSUSE-SU-2018:3699-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-16842"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852120", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852120\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16840\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-10 05:59:36 +0100 (Sat, 10 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for curl (openSUSE-SU-2018:3699-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3699-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00009.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the openSUSE-SU-2018:3699-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for curl fixes the following issues:\n\n - CVE-2018-16840: A use after free in closing SASL handles was fixed\n (bsc#1112758)\n\n - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which\n could lead to crashes (bsc#1113660)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1383=1\");\n\n script_tag(name:\"affected\", value:\"curl on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debugsource\", rpm:\"curl-debugsource~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo\", rpm:\"libcurl4-debuginfo~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel-32bit\", rpm:\"libcurl-devel-32bit~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-32bit\", rpm:\"libcurl4-32bit~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl4-debuginfo-32bit\", rpm:\"libcurl4-debuginfo-32bit~7.37.0~42.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:35", "description": "Two vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-16839\nHarry Sintonen discovered that, on systems with a 32 bit size_t, an\ninteger overflow would be triggered when a SASL user name longer\nthan 2GB is used. This would in turn cause a very small buffer to be\nallocated instead of the intended very huge one, which would trigger\na heap buffer overflow when the buffer is used.\n\nCVE-2018-16842\nBrian Carpenter discovered that the logic in the curl tool to wrap\nerror messages at 80 columns is flawed, leading to a read buffer\noverflow if a single word in the message is itself longer than 80\nbytes.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4331-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16839", "CVE-2018-16842"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704331", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4331-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704331\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16842\");\n script_name(\"Debian Security Advisory DSA 4331-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-02 00:00:00 +0100 (Fri, 02 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4331.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u8.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/curl\");\n script_tag(name:\"summary\", value:\"Two vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2018-16839\nHarry Sintonen discovered that, on systems with a 32 bit size_t, an\ninteger overflow would be triggered when a SASL user name longer\nthan 2GB is used. This would in turn cause a very small buffer to be\nallocated instead of the intended very huge one, which would trigger\na heap buffer overflow when the buffer is used.\n\nCVE-2018-16842\nBrian Carpenter discovered that the logic in the curl tool to wrap\nerror messages at 80 columns is flawed, leading to a read buffer\noverflow if a single word in the message is itself longer than 80\nbytes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-3498-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3498_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for curl USN-3498-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843384\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-30 07:34:42 +0100 (Thu, 30 Nov 2017)\");\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for curl USN-3498-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alex Nichols discovered that curl\n incorrectly handled NTLM authentication credentials. A remote attacker could use\n this issue to cause curl to crash, resulting in a denial of service, or possibly\n execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04\n and Ubuntu 17.10. (CVE-2017-8816) It was discovered that curl incorrectly\n handled FTP wildcard matching. A remote attacker could use this issue to cause\n curl to crash, resulting in a denial of service, or possibly obtain sensitive\n information. (CVE-2017-8817)\");\n script_tag(name:\"affected\", value:\"curl on Ubuntu 17.10,\n Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3498-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3498-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-10T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2017-45bdf4dace", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873891", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873891", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_45bdf4dace_curl_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2017-45bdf4dace\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873891\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-10 08:11:42 +0100 (Sun, 10 Dec 2017)\");\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2017-45bdf4dace\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-45bdf4dace\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUN365G67BKHU3RK2UXAQK7KZ6XSSU7A\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.55.1~8.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-10T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2017-0c062324cd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873888", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873888", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_0c062324cd_curl_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2017-0c062324cd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873888\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-10 08:11:14 +0100 (Sun, 10 Dec 2017)\");\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2017-0c062324cd\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-0c062324cd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVHQBLZRBWKQK2BGDG3SQNPKXVJSDD3L\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.53.1~13.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T19:02:20", "description": "Two vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2017-8816\nAlex Nichols discovered a buffer overrun flaw in the NTLM authentication\ncode which can be triggered on 32bit systems where an integer overflow\nmight occur when calculating the size of a memory allocation.\n\nCVE-2017-8817\nFuzzing by the OSS-Fuzz project led to the discovery of a read out of\nbounds flaw in the FTP wildcard function in libcurl. A malicious server\ncould redirect a libcurl-based client to an URL using a wildcard pattern,\ntriggering the out-of-bound read.", "cvss3": {}, "published": "2017-11-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4051-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704051", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4051-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704051\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_name(\"Debian Security Advisory DSA 4051-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-29 00:00:00 +0100 (Wed, 29 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4051.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 7.38.0-4+deb8u8.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u3.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/curl\");\n script_tag(name:\"summary\", value:\"Two vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2017-8816\nAlex Nichols discovered a buffer overrun flaw in the NTLM authentication\ncode which can be triggered on 32bit systems where an integer overflow\nmight occur when calculating the size of a memory allocation.\n\nCVE-2017-8817\nFuzzing by the OSS-Fuzz project led to the discovery of a read out of\nbounds flaw in the FTP wildcard function in libcurl. A malicious server\ncould redirect a libcurl-based client to an URL using a wildcard pattern,\ntriggering the out-of-bound read.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-fdc4ca8675", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-14618", "CVE-2018-16839", "CVE-2018-1000301", "CVE-2018-16842"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875243", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_fdc4ca8675_curl_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-fdc4ca8675\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875243\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\", \"CVE-2018-14618\", \"CVE-2018-0500\", \"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-08 06:36:51 +0100 (Thu, 08 Nov 2018)\");\n script_name(\"Fedora Update for curl FEDORA-2018-fdc4ca8675\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fdc4ca8675\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY3FMTULEN5U4BHBA4JUEBUSZRCLNHJX\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2018-fdc4ca8675 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"curl on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.59.0~8.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-298a3d2923", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16840", "CVE-2018-0500", "CVE-2018-1000300", "CVE-2018-14618", "CVE-2018-16839", "CVE-2018-1000301", "CVE-2018-16842"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_298a3d2923_curl_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-298a3d2923\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875313\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-16842\", \"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-14618\", \"CVE-2018-0500\", \"CVE-2018-1000300\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:24:10 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for curl FEDORA-2018-298a3d2923\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-298a3d2923\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJDKXZW43FFRCVV6EVUWTG3DGR4KM2QK\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the FEDORA-2018-298a3d2923 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"curl on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.59.0~9.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-24T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-9dc7338487", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2017-8817", "CVE-2018-1000122", "CVE-2017-1000254", "CVE-2018-1000007", "CVE-2018-1000300", "CVE-2017-8816", "CVE-2017-1000257", "CVE-2018-1000005", "CVE-2018-1000301"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_9dc7338487_curl_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-9dc7338487\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874598\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-24 05:57:24 +0200 (Thu, 24 May 2018)\");\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\", \"CVE-2018-1000120\", \"CVE-2018-1000121\",\n \"CVE-2018-1000122\", \"CVE-2018-1000005\", \"CVE-2018-1000007\", \"CVE-2017-8816\",\n \"CVE-2017-8817\", \"CVE-2017-1000257\", \"CVE-2017-1000254\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2018-9dc7338487\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9dc7338487\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IG5IEI7K4IAV5R7FO6MDFXB3NU3CED7E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.55.1~11.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-22T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-ba443bcb6d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2017-8817", "CVE-2018-1000122", "CVE-2017-1000254", "CVE-2018-1000007", "CVE-2018-1000300", "CVE-2018-14618", "CVE-2017-8816", "CVE-2017-1000257", "CVE-2018-1000005", "CVE-2018-1000301"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875089", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_ba443bcb6d_curl_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-ba443bcb6d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875089\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-22 08:12:29 +0200 (Sat, 22 Sep 2018)\");\n script_cve_id(\"CVE-2018-14618\", \"CVE-2018-1000300\", \"CVE-2018-1000301\", \"CVE-2018-1000120\",\n \"CVE-2018-1000121\", \"CVE-2018-1000122\", \"CVE-2018-1000005\", \"CVE-2018-1000007\",\n \"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2017-1000257\", \"CVE-2017-1000254\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2018-ba443bcb6d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ba443bcb6d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4CPYBJNZ43GUMZI5MTLBBPGT44TLYQK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.55.1~14.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:41:13", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1663)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191663", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1663\");\n script_version(\"2020-01-23T12:19:19+0000\");\n script_cve_id(\"CVE-2018-20483\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:19:19 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:19:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1663)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1663\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1663\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'wget' package(s) announced via the EulerOS-SA-2019-1663 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\");\n\n script_tag(name:\"affected\", value:\"'wget' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.5~5.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T16:53:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-01-18T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for wget (openSUSE-SU-2019:0057-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20483"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852242", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852242", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852242\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-20483\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-18 04:02:49 +0100 (Fri, 18 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for wget (openSUSE-SU-2019:0057-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0057-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00020.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wget'\n package(s) announced via the openSUSE-SU-2019:0057-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for wget fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-20483: Fixed an information disclosure through file metadata\n (bsc#1120382)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-57=1\");\n\n script_tag(name:\"affected\", value:\"wget on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.19.5~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wget-debuginfo\", rpm:\"wget-debuginfo~1.19.5~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"wget-debugsource\", rpm:\"wget-debugsource~1.19.5~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-3457-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843347", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843347", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3457_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for curl USN-3457-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843347\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-25 15:05:57 +0200 (Wed, 25 Oct 2017)\");\n script_cve_id(\"CVE-2017-1000257\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for curl USN-3457-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Brian Carpenter discovered that curl\n incorrectly handled IMAP FETCH response lines. A remote attacker could use this\n issue to cause curl to crash, resulting in a denial of service, or possibly\n execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"curl on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3457-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3457-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.35.0-1ubuntu2.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.35.0-1ubuntu2.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.35.0-1ubuntu2.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.35.0-1ubuntu2.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.35.0-1ubuntu2.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.35.0-1ubuntu2.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-4ubuntu1.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd6\", ver:\"7.52.1-4ubuntu1.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.52.1-4ubuntu1.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd6\", ver:\"7.52.1-4ubuntu1.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.52.1-4ubuntu1.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd6\", ver:\"7.52.1-4ubuntu1.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.52.1-4ubuntu1.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd6\", ver:\"7.47.0-1ubuntu2.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.47.0-1ubuntu2.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd6\", ver:\"7.47.0-1ubuntu2.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.47.0-1ubuntu2.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd6\", ver:\"7.47.0-1ubuntu2.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.47.0-1ubuntu2.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:52", "description": "Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL\ntransfer library, incorrectly parsed an IMAP FETCH response with size 0,\nleading to an out-of-bounds read.", "cvss3": {}, "published": "2017-10-27T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4007-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310704007", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704007", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4007.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4007-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704007\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-1000257\");\n script_name(\"Debian Security Advisory DSA 4007-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-27 00:00:00 +0200 (Fri, 27 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4007.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 7.38.0-4+deb8u7.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52.1-5+deb9u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.56.1-1.\n\nWe recommend that you upgrade your curl packages.\");\n script_tag(name:\"summary\", value:\"Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL\ntransfer library, incorrectly parsed an IMAP FETCH response with size 0,\nleading to an out-of-bounds read.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.38.0-4+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.38.0-4+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.38.0-4+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.38.0-4+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.38.0-4+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.38.0-4+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.38.0-4+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.38.0-4+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.38.0-4+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-02T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2017-ebf32659bf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873554", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873554", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_ebf32659bf_curl_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2017-ebf32659bf\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873554\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 18:05:36 +0530 (Thu, 02 Nov 2017)\");\n script_cve_id(\"CVE-2017-1000257\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2017-ebf32659bf\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ebf32659bf\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4M7RCFYJ7AH62CARXC4YYLMAQ53FM3I6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.53.1~12.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:51", "description": "Check the version of curl", "cvss3": {}, "published": "2017-11-28T00:00:00", "type": "openvas", "title": "CentOS Update for curl CESA-2017:3263 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_3263_curl_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for curl CESA-2017:3263 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882804\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-28 07:19:08 +0100 (Tue, 28 Nov 2017)\");\n script_cve_id(\"CVE-2017-1000257\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for curl CESA-2017:3263 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of curl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The curl packages provide the libcurl\nlibrary and the curl utility for downloading files from servers using various\nprotocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n * A buffer overrun flaw was found in the IMAP handler of libcurl. By\ntricking an unsuspecting user into connecting to a malicious IMAP server,\nan attacker could exploit this flaw to potentially cause information\ndisclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the\noriginal reporters.\");\n script_tag(name:\"affected\", value:\"curl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:3263\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-November/022630.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~42.el7_4.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~42.el7_4.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~42.el7_4.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-28T00:00:00", "type": "openvas", "title": "RedHat Update for curl RHSA-2017:3263-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000257"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310812308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_3263-01_curl.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for curl RHSA-2017:3263-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812308\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-28 07:18:38 +0100 (Tue, 28 Nov 2017)\");\n script_cve_id(\"CVE-2017-1000257\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for curl RHSA-2017:3263-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The curl packages provide the libcurl\nlibrary and the curl utility for downloading files from servers using various\nprotocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n * A buffer overrun flaw was found in the IMAP handler of libcurl. By\ntricking an unsuspecting user into connecting to a malicious IMAP server,\nan attacker could exploit this flaw to potentially cause information\ndisclosure or crash the application. (CVE-2017-1000257)\n\nRed Hat would like to thank the Curl project for reporting this issue.\nUpstream acknowledges Brian Carpenter and the OSS-Fuzz project as the\noriginal reporters.\");\n script_tag(name:\"affected\", value:\"curl on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:3263-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-November/msg00031.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~42.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.29.0~42.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~42.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~42.el7_4.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-12T02:58:21", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-8.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2019-02-12T02:58:21", "id": "FEDORA:D8E6160F62FB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WW4KA7SPW75NPMMSYVK4UCCHU4DAPJ4Y/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-09T02:58:45", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-11.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5435", "CVE-2019-5436"], "modified": "2019-06-09T02:58:45", "id": "FEDORA:995AF61F9AAB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-24T04:34:18", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: curl-7.61.1-7.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-20483"], "modified": "2019-01-24T04:34:18", "id": "FEDORA:876686076974", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AMBI4JRD6CXI7BO7EF3SHBEPARNL4ZBQ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46
Medium: curl
