# USN-3441-1: curl vulnerabilities
# Severity
Medium
# Vendor
Canonical Ubuntu
# Versions Affected
* Canonical Ubuntu 14.04
# Description
Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. ([CVE-2016-9586](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9586>))
Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. ([CVE-2017-1000100](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000100>))
Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical range globbing. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. ([CVE-2017-1000101](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000101>))
Max Dymond discovered that curl incorrectly handled FTP PWD responses. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service. ([CVE-2017-1000254](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000254>))
Brian Carpenter discovered that curl incorrectly handled the `--write-out` command line option. A local attacker could possibly use this issue to obtain sensitive memory contents. ([CVE-2017-7407](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7407>))
# Affected Cloud Foundry Products and Versions
_Severity is medium unless otherwise noted._
* Cloud Foundry BOSH stemcells are vulnerable, including:
    * 3363.x versions prior to 3363.40
    * 3421.x versions prior to 3421.29
    * 3445.x versions prior to 3445.15
    * All other stemcells not listed.
* All versions of Cloud Foundry cflinuxfs2 prior to 1.160.0
# Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
* The Cloud Foundry project recommends upgrading the following BOSH stemcells:
    * Upgrade 3363.x versions prior to 3363.40
    * Upgrade 3421.x versions prior to 3421.29
    * Upgrade 3445.x versions prior to 3445.15
    * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).
* The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.160.0 or later.
# References
* [USN-3441-1](<http://www.ubuntu.com/usn/usn-3441-1/>)
* [CVE-2016-9586](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9586>)
* [CVE-2017-1000100](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000100>)
* [CVE-2017-1000101](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000101>)
* [CVE-2017-1000254](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000254>)
* [CVE-2017-7407](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7407>)
{"id": "CFOUNDRY:4CFCCAC7D8EED4AADC23078DD6BCE0FD", "type": "cloudfoundry", "bulletinFamily": "software", "title": "USN-3441-1: curl vulnerabilities | Cloud Foundry", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nDaniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. ([CVE-2016-9586](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9586>))\n\nEven Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. ([CVE-2017-1000100](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000100>))\n\nBrian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical range globbing. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. ([CVE-2017-1000101](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000101>))\n\nMax Dymond discovered that curl incorrectly handled FTP PWD responses. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service. ([CVE-2017-1000254](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000254>))\n\nBrian Carpenter discovered that curl incorrectly handled the \u2013write-out command line option. A local attacker could possibly use this issue to obtain sensitive memory contents. 
([CVE-2017-7407](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7407>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.40\n * 3421.x versions prior to 3421.29\n * 3445.x versions prior to 3445.15\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.160.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions prior to 3363.40\n * Upgrade 3421.x versions prior to 3421.29\n * Upgrade 3445.x versions prior to 3445.15\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.160.0 or later.\n\n# References\n\n * [USN-3441-1](<http://www.ubuntu.com/usn/usn-3441-1/>)\n * [CVE-2016-9586](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9586>)\n * [CVE-2017-1000100](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000100>)\n * [CVE-2017-1000101](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000101>)\n * [CVE-2017-1000254](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000254>)\n * [CVE-2017-7407](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7407>)\n", "published": "2017-11-01T00:00:00", "modified": "2017-11-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9}, "href": "https://www.cloudfoundry.org/blog/usn-3441-1/", "reporter": "Cloud Foundry", "references": [], "cvelist": ["CVE-2017-7407", "CVE-2017-1000254", "CVE-2017-1000101", "CVE-2017-1000100", "CVE-2016-9586"], "immutableFields": [], "lastseen": "2019-05-29T18:32:41", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2017-806", "ALAS-2017-850", "ALAS-2017-889", "ALAS-2017-919", "ALAS2-2019-1162"]}, {"type": "apple", "idList": ["APPLE:0627AF17A33B956DE48ACE757A30BFB9", "APPLE:9B46AE29405754A18BF1D4AC1DEC5F7E", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:E8FF9F04ED54DD8E8D5B899FB4A8000E", "APPLE:HT207615", "APPLE:HT207922", "APPLE:HT208221", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201612-22", "ASA-201701-10", "ASA-201701-11", "ASA-201701-7", "ASA-201701-8", "ASA-201701-9", "ASA-201708-16", "ASA-201710-2", "ASA-201710-3", "ASA-201710-4", "ASA-201710-5", "ASA-201710-6", "ASA-201710-7"]}, {"type": "cve", "idList": ["CVE-2016-9586", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254", "CVE-2017-7407"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1062-1:B8EF3", "DEBIAN:DLA-1121-1:CE806", "DEBIAN:DLA-1568-1:3204E", "DEBIAN:DLA-1568-1:BCC8A", "DEBIAN:DLA-767-1:4CC6E", "DEBIAN:DLA-767-1:B58F0", "DEBIAN:DLA-883-1:BAD47", "DEBIAN:DSA-3992-1:192C5", "DEBIAN:DSA-3992-1:EE5A8"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-9586", "DEBIANCVE:CVE-2017-1000100", 
"DEBIANCVE:CVE-2017-1000101", "DEBIANCVE:CVE-2017-1000254", "DEBIANCVE:CVE-2017-7407"]}, {"type": "fedora", "idList": ["FEDORA:07E88601F374", "FEDORA:0F821601EDCC", "FEDORA:2516F60DE59E", "FEDORA:2E38A6085FA7", "FEDORA:444C06055DCE", "FEDORA:45C09609270A", "FEDORA:4B79E60877A0", "FEDORA:5C8E66094E72", "FEDORA:7324D606D191", "FEDORA:87D78601E81F", "FEDORA:D8F3E60648C3"]}, {"type": "freebsd", "idList": ["04F29189-1A05-11E7-BC6E-B499BAEBFEAF", "42880202-C81C-11E6-A9A5-B499BAEBFEAF", "69CFA386-7CD0-11E7-867F-B499BAEBFEAF", "CCACE707-A8D8-11E7-AC58-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201701-47", "GLSA-201709-14", "GLSA-201712-04"]}, {"type": "ibm", "idList": ["97D4066C468332D5D908235549288A7BF7AAC2745F5CDDAF06587AAD7D17EF91", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "AD451DAE200F4A46686ED7A0FE36F67961972806FA8AE46B77B3F4F2CC99992A"]}, {"type": "mageia", "idList": ["MGASA-2017-0281", "MGASA-2018-0053", "MGASA-2018-0054"]}, {"type": "nessus", "idList": ["700170.PRM", "700512.PRM", "700513.PRM", "AL2_ALAS-2019-1162.NASL", "ALA_ALAS-2017-806.NASL", "ALA_ALAS-2017-850.NASL", "ALA_ALAS-2017-889.NASL", "ALA_ALAS-2017-919.NASL", "DEBIAN_DLA-1062.NASL", "DEBIAN_DLA-1121.NASL", "DEBIAN_DLA-1568.NASL", "DEBIAN_DLA-767.NASL", "DEBIAN_DLA-883.NASL", "DEBIAN_DSA-3992.NASL", "EULEROS_SA-2017-1287.NASL", "EULEROS_SA-2017-1288.NASL", "EULEROS_SA-2018-1202.NASL", "EULEROS_SA-2018-1203.NASL", "EULEROS_SA-2018-1330.NASL", "EULEROS_SA-2018-1401.NASL", "EULEROS_SA-2018-1427.NASL", "EULEROS_SA-2019-1002.NASL", "EULEROS_SA-2019-1083.NASL", "EULEROS_SA-2019-1163.NASL", "EULEROS_SA-2019-1172.NASL", "EULEROS_SA-2019-1206.NASL", "EULEROS_SA-2019-1549.NASL", "EULEROS_SA-2019-1550.NASL", "EULEROS_SA-2019-1665.NASL", "EULEROS_SA-2019-1697.NASL", "EULEROS_SA-2019-1751.NASL", "EULEROS_SA-2019-2054.NASL", "FEDORA_2016-86D2B5AEFB.NASL", "FEDORA_2016-EDBB33AB2E.NASL", "FEDORA_2017-601B4C20A4.NASL", "FEDORA_2017-B38B98727E.NASL", "FEDORA_2017-E396614CD0.NASL", 
"FEDORA_2017-E8179C06FD.NASL", "FEDORA_2017-F1FFD18079.NASL", "FEDORA_2017-F2DF9D7772.NASL", "FREEBSD_PKG_04F291891A0511E7BC6EB499BAEBFEAF.NASL", "FREEBSD_PKG_42880202C81C11E6A9A5B499BAEBFEAF.NASL", "FREEBSD_PKG_69CFA3867CD011E7867FB499BAEBFEAF.NASL", "FREEBSD_PKG_CCACE707A8D811E7AC58B499BAEBFEAF.NASL", "GENTOO_GLSA-201701-47.NASL", "GENTOO_GLSA-201709-14.NASL", "GENTOO_GLSA-201712-04.NASL", "MACOSX_SECUPD2017-003.NASL", "MACOSX_SECUPD2017-004.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_12_4.NASL", "MACOS_10_13_1.NASL", "MACOS_10_13_2.NASL", "OPENSUSE-2017-1200.NASL", "OPENSUSE-2017-513.NASL", "OPENSUSE-2017-951.NASL", "PFSENSE_SA-17_04.NASL", "PHOTONOS_PHSA-2017-0041.NASL", "PHOTONOS_PHSA-2017-0041_CURL.NASL", "PHOTONOS_PHSA-2017-0044.NASL", "PHOTONOS_PHSA-2017-0044_CURL.NASL", "PHOTONOS_PHSA-2017-0045.NASL", "PHOTONOS_PHSA-2017-0045_CURL.NASL", "SLACKWARE_SSA_2017-221-01.NASL", "SLACKWARE_SSA_2017-279-01.NASL", "SUSE_SU-2017-1042-1.NASL", "SUSE_SU-2017-1043-1.NASL", "SUSE_SU-2017-2174-1.NASL", "SUSE_SU-2017-2312-1.NASL", "SUSE_SU-2017-2831-1.NASL", "SUSE_SU-2017-3176-1.NASL", "UBUNTU_USN-3441-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703992", "OPENVAS:1361412562310810728", "OPENVAS:1361412562310811536", "OPENVAS:1361412562310811959", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310843328", "OPENVAS:1361412562310872189", "OPENVAS:1361412562310872211", "OPENVAS:1361412562310872556", "OPENVAS:1361412562310873264", "OPENVAS:1361412562310873268", "OPENVAS:1361412562310873507", "OPENVAS:1361412562310874598", "OPENVAS:1361412562310875089", "OPENVAS:1361412562310890883", "OPENVAS:1361412562310891062", "OPENVAS:1361412562310891121", "OPENVAS:1361412562310891568", "OPENVAS:1361412562311220171287", "OPENVAS:1361412562311220171288", "OPENVAS:1361412562311220181202", "OPENVAS:1361412562311220181203", "OPENVAS:1361412562311220181330", "OPENVAS:1361412562311220181401", "OPENVAS:1361412562311220181427", "OPENVAS:1361412562311220191002", 
"OPENVAS:1361412562311220191083", "OPENVAS:1361412562311220191163", "OPENVAS:1361412562311220191172", "OPENVAS:1361412562311220191206", "OPENVAS:1361412562311220191549", "OPENVAS:1361412562311220191550", "OPENVAS:1361412562311220191665", "OPENVAS:1361412562311220191697", "OPENVAS:1361412562311220191751", "OPENVAS:1361412562311220192054"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296"]}, {"type": "osv", "idList": ["OSV:DLA-1062-1", "OSV:DLA-1121-1", "OSV:DLA-1568-1", "OSV:DLA-767-1", "OSV:DLA-883-1", "OSV:DSA-3992-1"]}, {"type": "photon", "idList": ["PHSA-2017-0002", "PHSA-2017-0045", "PHSA-2017-0082", "PHSA-2017-0084"]}, {"type": "redhat", "idList": ["RHSA-2018:2486", "RHSA-2018:3558"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-9586", "RH:CVE-2017-1000100", "RH:CVE-2017-1000101", "RH:CVE-2017-1000254", "RH:CVE-2017-7407"]}, {"type": "slackware", "idList": ["SSA-2017-221-01", "SSA-2017-279-01"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2470-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1", "SUSE-SU-2017:2701-1"]}, {"type": "ubuntu", "idList": ["USN-3441-1", "USN-3441-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9586", "UB:CVE-2017-1000100", "UB:CVE-2017-1000101", "UB:CVE-2017-1000254", "UB:CVE-2017-7407"]}]}, "score": {"value": 2.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-806", "ALAS-2017-850", "ALAS-2017-889", "ALAS-2017-919"]}, {"type": "apple", "idList": ["APPLE:9B46AE29405754A18BF1D4AC1DEC5F7E", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT207922", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201612-22", "ASA-201701-10", "ASA-201701-11", "ASA-201701-7", "ASA-201701-8", "ASA-201701-9", "ASA-201708-16", "ASA-201710-2", "ASA-201710-3", "ASA-201710-4", "ASA-201710-5", "ASA-201710-6", "ASA-201710-7"]}, {"type": "cve", "idList": ["CVE-2017-7407"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1062-1:B8EF3", "DEBIAN:DLA-1121-1:CE806", 
"DEBIAN:DLA-767-1:B58F0", "DEBIAN:DLA-883-1:BAD47", "DEBIAN:DSA-3992-1:EE5A8"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-9586", "DEBIANCVE:CVE-2017-1000100", "DEBIANCVE:CVE-2017-1000101", "DEBIANCVE:CVE-2017-1000254", "DEBIANCVE:CVE-2017-7407"]}, {"type": "fedora", "idList": ["FEDORA:07E88601F374", "FEDORA:0F821601EDCC", "FEDORA:2516F60DE59E", "FEDORA:2E38A6085FA7", "FEDORA:444C06055DCE", "FEDORA:45C09609270A", "FEDORA:4B79E60877A0", "FEDORA:5C8E66094E72", "FEDORA:7324D606D191", "FEDORA:87D78601E81F", "FEDORA:D8F3E60648C3"]}, {"type": "freebsd", "idList": ["04F29189-1A05-11E7-BC6E-B499BAEBFEAF", "42880202-C81C-11E6-A9A5-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201709-14"]}, {"type": "ibm", "idList": ["AD451DAE200F4A46686ED7A0FE36F67961972806FA8AE46B77B3F4F2CC99992A"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ALPINE-LINUX-CVE-2017-1000100/", "MSF:ILITIES/ALPINE-LINUX-CVE-2017-1000254/", "MSF:ILITIES/AMAZON_LINUX-CVE-2017-1000100/", "MSF:ILITIES/AMAZON_LINUX-CVE-2017-1000254/", "MSF:ILITIES/APPLE-OSX-CURL-CVE-2017-1000100/", "MSF:ILITIES/APPLE-OSX-CURL-CVE-2017-1000254/", "MSF:ILITIES/DEBIAN-CVE-2017-1000100/", "MSF:ILITIES/GENTOO-LINUX-CVE-2017-1000100/", "MSF:ILITIES/GENTOO-LINUX-CVE-2017-1000254/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2017-1000254/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-1000100/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-1000254/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2017-1000100/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2017-1000100/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-1000100/", "MSF:ILITIES/SUSE-CVE-2017-1000100/", "MSF:ILITIES/SUSE-CVE-2017-1000254/", "MSF:ILITIES/UBUNTU-CVE-2017-1000100/", "MSF:ILITIES/UBUNTU-CVE-2017-1000254/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-806.NASL", "ALA_ALAS-2017-889.NASL", "DEBIAN_DLA-767.NASL", "DEBIAN_DLA-883.NASL", "FEDORA_2016-86D2B5AEFB.NASL", "FEDORA_2016-EDBB33AB2E.NASL", "FEDORA_2017-B38B98727E.NASL", 
"FREEBSD_PKG_04F291891A0511E7BC6EB499BAEBFEAF.NASL", "FREEBSD_PKG_42880202C81C11E6A9A5B499BAEBFEAF.NASL", "GENTOO_GLSA-201709-14.NASL", "PFSENSE_SA-17_04.NASL", "SUSE_SU-2017-2312-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872189", "OPENVAS:1361412562310873264", "OPENVAS:1361412562310873268"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2018"]}, {"type": "photon", "idList": ["PHSA-2017-0002", "PHSA-2017-0045"]}, {"type": "redhat", "idList": ["RHSA-2018:2486"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-9586", "RH:CVE-2017-1000100", "RH:CVE-2017-1000101", "RH:CVE-2017-1000254", "RH:CVE-2017-7407"]}, {"type": "slackware", "idList": ["SSA-2017-221-01", "SSA-2017-279-01"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2470-1"]}, {"type": "symantec", "idList": ["SMNTC-110604"]}, {"type": "ubuntu", "idList": ["USN-3441-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9586", "UB:CVE-2017-1000100", "UB:CVE-2017-1000101", "UB:CVE-2017-1000254", "UB:CVE-2017-7407"]}]}, "exploitation": null, "vulnersScore": 2.2}, "affectedSoftware": [], "_state": {"dependencies": 1659998956, "score": 1659978068}, "_internal": {"score_hash": "693b7419e130fc3b7b2f91027d56c0fc"}}
{"nessus": [{"lastseen": "2021-08-19T12:35:06", "description": "Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9586)\n\nEven Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100)\n\nBrian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical range globbing. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000101)\n\nMax Dymond discovered that curl incorrectly handled FTP PWD responses.\nA remote attacker could use this issue to cause curl to crash, resulting in a denial of service. (CVE-2017-1000254)\n\nBrian Carpenter discovered that curl incorrectly handled the\n--write-out command line option. A local attacker could possibly use this issue to obtain sensitive memory contents. (CVE-2017-7407).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-11T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : curl vulnerabilities (USN-3441-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254", "CVE-2017-7407"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3441-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3441-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103773);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2016-9586\", \"CVE-2017-1000100\", \"CVE-2017-1000101\", \"CVE-2017-1000254\", \"CVE-2017-7407\");\n script_xref(name:\"USN\", value:\"3441-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : curl vulnerabilities (USN-3441-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Daniel Stenberg discovered that curl incorrectly handled large\nfloating point output. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n16.04 LTS. (CVE-2016-9586)\n\nEven Rouault discovered that curl incorrectly handled large file names\nwhen doing TFTP transfers. A remote attacker could use this issue to\ncause curl to crash, resulting in a denial of service, or possibly\nobtain sensitive memory contents. (CVE-2017-1000100)\n\nBrian Carpenter and Yongji Ouyang discovered that curl incorrectly\nhandled numerical range globbing. A remote attacker could use this\nissue to cause curl to crash, resulting in a denial of service, or\npossibly obtain sensitive memory contents. (CVE-2017-1000101)\n\nMax Dymond discovered that curl incorrectly handled FTP PWD responses.\nA remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service. (CVE-2017-1000254)\n\nBrian Carpenter discovered that curl incorrectly handled the\n--write-out command line option. A local attacker could possibly use\nthis issue to obtain sensitive memory contents. 
(CVE-2017-7407).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3441-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.47.0-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", 
pkgname:\"curl\", pkgver:\"7.52.1-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3\", pkgver:\"7.52.1-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.52.1-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.52.1-4ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-11T18:52:59", "description": "Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2017-1000100 Even Rouault reported that cURL does not properly handle long file names when doing an TFTP upload. A malicious HTTP(S) server can take advantage of this flaw by redirecting a client using the cURL library to a crafted TFTP URL and trick it to send private memory contents to a remote server over UDP.\n\n - CVE-2017-1000101 Brian Carpenter and Yongji Ouyang reported that cURL contains a flaw in the globbing function that parses the numerical range, leading to an out-of-bounds read when parsing a specially crafted URL.\n\n - CVE-2017-1000254 Max Dymond reported that cURL contains an out-of-bounds read flaw in the FTP PWD response parser. 
A malicious server can take advantage of this flaw to effectively prevent a client using the cURL library to work with it, causing a denial of service.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-09T00:00:00", "type": "nessus", "title": "Debian DSA-3992-1 : curl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:curl:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-3992.NASL", "href": "https://www.tenable.com/plugins/nessus/103715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3992. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103715);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2017-1000101\", \"CVE-2017-1000254\");\n script_xref(name:\"DSA\", value:\"3992\");\n\n script_name(english:\"Debian DSA-3992-1 : curl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in cURL, an URL transfer\nlibrary. 
The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2017-1000100\n Even Rouault reported that cURL does not properly handle\n long file names when doing an TFTP upload. A malicious\n HTTP(S) server can take advantage of this flaw by\n redirecting a client using the cURL library to a crafted\n TFTP URL and trick it to send private memory contents to\n a remote server over UDP.\n\n - CVE-2017-1000101\n Brian Carpenter and Yongji Ouyang reported that cURL\n contains a flaw in the globbing function that parses the\n numerical range, leading to an out-of-bounds read when\n parsing a specially crafted URL.\n\n - CVE-2017-1000254\n Max Dymond reported that cURL contains an out-of-bounds\n read flaw in the FTP PWD response parser. A malicious\n server can take advantage of this flaw to effectively\n prevent a client using the cURL library to work with it,\n causing a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.debian.org/security/2017/dsa-3992\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u6.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"curl\", reference:\"7.38.0-4+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3\", reference:\"7.38.0-4+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-dbg\", reference:\"7.38.0-4+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-gnutls\", reference:\"7.38.0-4+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-nss\", reference:\"7.38.0-4+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-doc\", reference:\"7.38.0-4+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.38.0-4+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.38.0-4+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.38.0-4+deb8u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"curl\", reference:\"7.52.1-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3\", reference:\"7.52.1-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-dbg\", reference:\"7.52.1-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-gnutls\", reference:\"7.52.1-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl3-nss\", reference:\"7.52.1-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-doc\", 
reference:\"7.52.1-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.52.1-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.52.1-5+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.52.1-5+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:35", "description": "This update for curl fixes the following issues :\n\n - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644)\n\n - CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read (bsc#1032309)\n\n - CVE-2016-9586: libcurl printf issue could lead to buffer overflow (bsc#1015332)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : curl (SUSE-SU-2017:2312-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2017-1000100", "CVE-2017-7407"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2312-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2312-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102910);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9586\", \"CVE-2017-1000100\", \"CVE-2017-7407\");\n\n script_name(english:\"SUSE SLES11 Security Update : curl (SUSE-SU-2017:2312-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2017-1000100: TFP sends more than buffer size and it\n could lead to a denial of service (bsc#1051644)\n\n - CVE-2017-7407: ourWriteOut function problem could lead\n to a heap buffer over-read (bsc#1032309)\n\n - CVE-2016-9586: libcurl printf issue could lead to buffer\n overflow (bsc#1015332)\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9586/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000100/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7407/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172312-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ceed4225\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-curl-13256=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-curl-13256=1\n\nSUSE Linux Enterprise Server 11-SECURITY:zypper in -t patch\nsecsp3-curl-13256=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-curl-13256=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.70.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libcurl4-32bit-7.19.7-1.70.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"curl-7.19.7-1.70.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcurl4-7.19.7-1.70.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-25T17:21:20", "description": "An update of the curl package has been released.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Curl PHSA-2017-0045", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2017-0045_CURL.NASL", "href": 
"https://www.tenable.com/plugins/nessus/121761", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0045. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121761);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2017-1000099\",\n \"CVE-2017-1000100\",\n \"CVE-2017-1000101\",\n \"CVE-2017-1000254\"\n );\n\n script_name(english:\"Photon OS 2.0: Curl PHSA-2017-0045\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-2.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000101\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-debuginfo-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", 
reference:\"curl-devel-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-devel-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.54.1-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"curl-libs-7.54.1-3.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:35:50", "description": "This update for curl fixes the following issues :\n\n - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644)\n\n - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2017-08-17T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2174-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100", "CVE-2017-1000101"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2174-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102540", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2174-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102540);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2017-1000101\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2174-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2017-1000100: TFP sends more than buffer size and it\n could lead to a denial of service (bsc#1051644)\n\n - CVE-2017-1000101: URL globbing out of bounds read could\n lead to a denial of service (bsc#1051643)\n\nNote that 
Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000100/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000101/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172174-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5129d1e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1335=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1335=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1335=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1335=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1335=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1335=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1335=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-1335=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t 
patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1335=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debuginfo-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debugsource-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-32bit-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", 
reference:\"libcurl4-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:35:49", "description": "This update for curl fixes the following issues :\n\n - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644)\n\n - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2017-08-18T00:00:00", "type": "nessus", "title": "openSUSE Security 
Update : curl (openSUSE-2017-951)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100", "CVE-2017-1000101"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-951.NASL", "href": "https://www.tenable.com/plugins/nessus/102566", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-951.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102566);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2017-1000101\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2017-951)\");\n script_summary(english:\"Check for the openSUSE-2017-951 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\n - CVE-2017-1000100: TFP sends more than buffer size and it\n could lead to a denial of service (bsc#1051644)\n\n - CVE-2017-1000101: URL globbing out of bounds read could\n lead to a denial of service (bsc#1051643)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051644\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-7.37.0-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debuginfo-7.37.0-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debugsource-7.37.0-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl-devel-7.37.0-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-7.37.0-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-debuginfo-7.37.0-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-16.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-20.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:37:35", "description": "This update for curl fixes the following issues: These security issues were fixed :\n\n - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)\n\n - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-19T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : curl (SUSE-SU-2017:1043-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2017-7407"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-1043-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99465", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1043-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99465);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9586\", \"CVE-2017-7407\");\n\n script_name(english:\"SUSE SLES11 Security Update : curl (SUSE-SU-2017:1043-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues: These security issues\nwere fixed :\n\n - CVE-2016-9586: libcurl printf floating point buffer\n overflow (bsc#1015332)\n\n - CVE-2017-7407: The ourWriteOut function in\n tool_writeout.c in curl might have allowed physically\n proximate attackers to obtain sensitive information from\n process memory in opportunistic circumstances by reading\n a workstation screen during use of a --write-out\n argument 
ending in a '%' character, which lead to a\n heap-based buffer over-read (bsc#1032309).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9586/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7407/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171043-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed5a70e8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-curl-13065=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-curl-13065=1\n\nSUSE Linux Enterprise Server 11-SECURITY:zypper in -t patch\nsecsp3-curl-13065=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-curl-13065=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libcurl4-32bit-7.19.7-1.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"curl-7.19.7-1.69.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcurl4-7.19.7-1.69.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:30", "description": "This update for curl fixes the following issues: Security issue fixed :\n\n - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)\n\n - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). 
With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-19T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:1042-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2017-7407"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1042-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99464", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1042-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99464);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9586\", \"CVE-2017-7407\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:1042-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues: Security issue \nfixed :\n\n - CVE-2016-9586: 
libcurl printf floating point buffer\n overflow (bsc#1015332)\n\n - CVE-2017-7407: The ourWriteOut function in\n tool_writeout.c in curl might have allowed physically\n proximate attackers to obtain sensitive information from\n process memory in opportunistic circumstances by reading\n a workstation screen during use of a --write-out\n argument ending in a '%' character, which lead to a\n heap-based buffer over-read (bsc#1032309). With this\n release new default ciphers are active (SUSE_DEFAULT,\n bsc#1027712).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9586/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7407/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171042-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?62293157\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-609=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-609=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper 
in -t\npatch SUSE-SLE-RPI-12-SP2-2017-609=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-609=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-609=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-609=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-609=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-609=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debuginfo-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"curl-debugsource-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-32bit-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libcurl4-debuginfo-32bit-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"curl-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", 
reference:\"libcurl4-32bit-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:10", "description": "This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)\n\n - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a 
--write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309).\n\nWith this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2017-513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2017-7407"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-513.NASL", "href": "https://www.tenable.com/plugins/nessus/99702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-513.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99702);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9586\", \"CVE-2017-7407\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2017-513)\");\n script_summary(english:\"Check for the openSUSE-2017-513 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2016-9586: libcurl printf floating point buffer\n overflow (bsc#1015332)\n\n - CVE-2017-7407: The ourWriteOut function in\n tool_writeout.c in curl might have allowed physically\n proximate attackers to obtain sensitive information from\n process memory in opportunistic circumstances by reading\n a workstation screen during use of a --write-out\n argument ending in a '%' character, which lead to a\n heap-based buffer over-read (bsc#1032309).\n\nWith this release new default ciphers are active (SUSE_DEFAULT,\nbsc#1027712).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032309\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"curl-7.37.0-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"curl-debuginfo-7.37.0-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"curl-debugsource-7.37.0-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libcurl-devel-7.37.0-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libcurl4-7.37.0-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libcurl4-debuginfo-7.37.0-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-7.37.0-16.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debuginfo-7.37.0-16.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debugsource-7.37.0-16.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl-devel-7.37.0-16.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-7.37.0-16.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-debuginfo-7.37.0-16.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-16.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-16.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-16.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:37", 
"description": "The remote host is affected by the vulnerability described in GLSA-201709-14 (cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could cause a Denial of Service condition, obtain sensitive information, or bypass intended restrictions for TLS sessions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2017-09-18T00:00:00", "type": "nessus", "title": "GLSA-201709-14 : cURL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-7407", "CVE-2017-7468"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:curl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201709-14.NASL", "href": "https://www.tenable.com/plugins/nessus/103282", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201709-14.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103282);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000099\", \"CVE-2017-1000100\", \"CVE-2017-1000101\", \"CVE-2017-7407\", \"CVE-2017-7468\");\n script_xref(name:\"GLSA\", value:\"201709-14\");\n\n script_name(english:\"GLSA-201709-14 : cURL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201709-14\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause a Denial of Service condition, obtain\n sensitive information, or bypass intended restrictions for TLS sessions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201709-14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All cURL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.55.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/curl\", unaffected:make_list(\"ge 7.55.1\"), vulnerable:make_list(\"lt 7.55.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cURL\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:35:45", "description": "The cURL project reports :\n\n- FILE buffer read out of bounds\n\n- TFTP sends more than buffer size\n\n- URL globbing out of bounds read", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2017-08-10T00:00:00", "type": "nessus", "title": "FreeBSD : cURL -- multiple vulnerabilities (69cfa386-7cd0-11e7-867f-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101"], "modified": "2021-01-04T00:00:00", 
"cpe": ["p-cpe:/a:freebsd:freebsd:curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_69CFA3867CD011E7867FB499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/102330", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102330);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000099\", \"CVE-2017-1000100\", \"CVE-2017-1000101\");\n\n script_name(english:\"FreeBSD : cURL -- multiple vulnerabilities (69cfa386-7cd0-11e7-867f-b499baebfeaf)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cURL project reports :\n\n- FILE buffer read out of bounds\n\n- TFTP sends more than buffer size\n\n- URL globbing out of bounds read\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/security.html\"\n );\n # https://vuxml.freebsd.org/freebsd/69cfa386-7cd0-11e7-867f-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7dcd3b62\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl<7.55.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:35:48", "description": "New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2017-08-11T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-221-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000099", "CVE-2017-1000100", 
"CVE-2017-1000101"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-221-01.NASL", "href": "https://www.tenable.com/plugins/nessus/102365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-221-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102365);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000099\", \"CVE-2017-1000100\", \"CVE-2017-1000101\");\n script_xref(name:\"SSA\", value:\"2017-221-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-221-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.557504\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?091c1890\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 
\"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.55.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:35:44", "description": "Security fixes for CVE-2017-1000100 and CVE-2017-1000101\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2017-08-14T00:00:00", "type": "nessus", "title": "Fedora 25 : curl (2017-f2df9d7772)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-F2DF9D7772.NASL", "href": "https://www.tenable.com/plugins/nessus/102463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f2df9d7772.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102463);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000099\", \"CVE-2017-1000100\", \"CVE-2017-1000101\");\n script_xref(name:\"FEDORA\", value:\"2017-f2df9d7772\");\n\n script_name(english:\"Fedora 25 : curl (2017-f2df9d7772)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes for 
CVE-2017-1000100 and CVE-2017-1000101\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f2df9d7772\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"curl-7.51.0-9.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:35:51", "description": "Security fixes for CVE-2017-1000100 and CVE-2017-1000101\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, 
"published": "2017-08-14T00:00:00", "type": "nessus", "title": "Fedora 26 : curl (2017-f1ffd18079)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-F1FFD18079.NASL", "href": "https://www.tenable.com/plugins/nessus/102462", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-f1ffd18079.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102462);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000099\", \"CVE-2017-1000100\", \"CVE-2017-1000101\");\n script_xref(name:\"FEDORA\", value:\"2017-f1ffd18079\");\n\n script_name(english:\"Fedora 26 : curl (2017-f1ffd18079)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes for CVE-2017-1000100 and CVE-2017-1000101\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f1ffd18079\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"curl-7.53.1-10.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:35:30", "description": "FILE buffer read out of bounds (CVE-2017-1000099)\n\nTFTP sends more than buffer size (CVE-2017-1000100)\n\nURL globbing out of bounds read (CVE-2017-1000101)", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : curl (ALAS-2017-889)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-889.NASL", "href": "https://www.tenable.com/plugins/nessus/102877", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-889.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102877);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n 
script_cve_id(\"CVE-2017-1000099\", \"CVE-2017-1000100\", \"CVE-2017-1000101\");\n script_xref(name:\"ALAS\", value:\"2017-889\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2017-889)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"FILE buffer read out of bounds (CVE-2017-1000099)\n\nTFTP sends more than buffer size (CVE-2017-1000100)\n\nURL globbing out of bounds read (CVE-2017-1000101)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-889.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.51.0-9.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.51.0-9.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.51.0-9.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.51.0-9.75.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-04T02:01:30", "description": "An update of [go,curl,libtiff,systemd,bash] packages for PhotonOS has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Bash / Curl / Go / Libtiff / Systemd PHSA-2017-0045 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2016-9401", "CVE-2017-12944", "CVE-2017-15041", "CVE-2017-15908", "CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bash", "p-cpe:/a:vmware:photonos:curl", "p-cpe:/a:vmware:photonos:go", "p-cpe:/a:vmware:photonos:libtiff", "p-cpe:/a:vmware:photonos:systemd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2017-0045.NASL", "href": "https://www.tenable.com/plugins/nessus/111894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0045. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111894);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2016-9401\",\n \"CVE-2017-12944\",\n \"CVE-2017-15041\",\n \"CVE-2017-15908\",\n \"CVE-2017-1000099\",\n \"CVE-2017-1000100\",\n \"CVE-2017-1000101\",\n \"CVE-2017-1000254\"\n );\n\n script_name(english:\"Photon OS 2.0: Bash / Curl / Go / Libtiff / Systemd PHSA-2017-0045 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [go,curl,libtiff,systemd,bash] packages for PhotonOS has\nbeen released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dc68905\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", 
);\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", 
reference:\"curl-7.51.0-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.51.0-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.51.0-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.51.0-6.74.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:37:35", "description": "It was discovered that there was a buffer read overrun vulnerability in curl, a tool for downloading files from the internet, etc.\n\nIf a '%' ended the --write-out parameter, the string's trailing NUL would be skipped and memory past the end of the buffer could be accessed and potentially displayed as part of the output.\n\nFor Debian 7 'Wheezy', this issue has been fixed in curl version 7.26.0-1+wheezy18+deb7u1.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 2.4, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2017-04-05T00:00:00", "type": "nessus", "title": "Debian DLA-883-1 : curl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7407"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-883.NASL", "href": "https://www.tenable.com/plugins/nessus/99188", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-883-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99188);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-7407\");\n\n script_name(english:\"Debian DLA-883-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a buffer read overrun vulnerability\nin curl, a tool for downloading files from the internet, etc.\n\nIf a '%' ended the --write-out parameter, the string's trailing NUL\nwould be skipped and memory past the end of the buffer could be\naccessed and potentially displayed as part of the output.\n\nFor Debian 7 'Wheezy', this issue has been fixed in curl version\n7.26.0-1+wheezy18+deb7u1.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/curl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-nss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2017/04/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"curl\", reference:\"7.26.0-1+wheezy18+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3\", reference:\"7.26.0-1+wheezy18+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-dbg\", reference:\"7.26.0-1+wheezy18+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-gnutls\", reference:\"7.26.0-1+wheezy18+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-nss\", reference:\"7.26.0-1+wheezy18+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.26.0-1+wheezy18+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.26.0-1+wheezy18+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.26.0-1+wheezy18+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:37:29", "description": "The cURL project reports :\n\nThere were two bugs in curl's parser for the command line 
option\n--write-out (or -w for short) that would skip the end of string zero byte if the string ended in a % (percent) or \\ (backslash), and it would read beyond that buffer in the heap memory and it could then potentially output pieces of that memory to the terminal or the target file etc..\n\nThis flaw only exists in the command line tool.\n\nWe are not aware of any exploit of this flaw.", "cvss3": {"score": 2.4, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2017-04-06T00:00:00", "type": "nessus", "title": "FreeBSD : cURL -- potential memory disclosure (04f29189-1a05-11e7-bc6e-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7407"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_04F291891A0511E7BC6EB499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/99206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99206);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7407\");\n\n script_name(english:\"FreeBSD : cURL -- potential memory disclosure (04f29189-1a05-11e7-bc6e-b499baebfeaf)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cURL project reports :\n\nThere were two bugs in curl's parser for the command line option\n--write-out (or -w for short) that would skip the end of string zero\nbyte if the string ended in a % (percent) or \\ (backslash), and 
it\nwould read beyond that buffer in the heap memory and it could then\npotentially output pieces of that memory to the terminal or the target\nfile etc..\n\nThis flaw only exists in the command line tool.\n\nWe are not aware of any exploit of this flaw.\"\n );\n # https://curl.haxx.se/docs/adv_20170403.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2017-7407.html\"\n );\n # https://vuxml.freebsd.org/freebsd/04f29189-1a05-11e7-bc6e-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02ae55bf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl>=6.5<7.53.1_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:37:31", "description": "- fix out of bounds read in curl --write-out (CVE-2017-7407)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 2.4, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2017-04-10T00:00:00", "type": "nessus", "title": "Fedora 25 : curl (2017-b38b98727e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7407"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-B38B98727E.NASL", "href": "https://www.tenable.com/plugins/nessus/99258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2017-b38b98727e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99258);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7407\");\n script_xref(name:\"FEDORA\", value:\"2017-b38b98727e\");\n\n script_name(english:\"Fedora 25 : curl (2017-b38b98727e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix out of bounds read in curl --write-out\n (CVE-2017-7407)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b38b98727e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"curl-7.51.0-6.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:21:18", "description": "According to the version of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically 
proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 2.4, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2019-1697)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7407"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1697.NASL", "href": "https://www.tenable.com/plugins/nessus/126539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126539);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7407\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2019-1697)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - The ourWriteOut function in tool_writeout.c in 
curl\n 7.53.1 might allow physically proximate attackers to\n obtain sensitive information from process memory in\n opportunistic circumstances by reading a workstation\n screen during use of a --write-out argument ending in a\n '%' character, which leads to a heap-based buffer\n over-read.(CVE-2017-7407)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1697\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?282471dc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h13\",\n \"libcurl-7.29.0-46.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:21:19", "description": "According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a 
workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 2.4, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1751)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7407"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1751.NASL", "href": "https://www.tenable.com/plugins/nessus/126878", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126878);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7407\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-1751)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The ourWriteOut function in tool_writeout.c in curl\n 7.53.1 might allow physically proximate attackers to\n obtain sensitive information from process memory in\n opportunistic circumstances by reading a workstation\n screen during 
use of a --write-out argument ending in a\n '%' character, which leads to a heap-based buffer\n over-read.(CVE-2017-7407)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1751\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?767e32e9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h24\",\n \"libcurl-7.29.0-35.h24\",\n \"libcurl-devel-7.29.0-35.h24\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T01:02:27", "description": "FTP PWD response parser out of bounds read\n\nlibcurl may 
read outside of a heap allocated buffer when doing FTP.\nWhen libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. 
(CVE-2017-1000254 )", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-11-06T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : curl (ALAS-2017-919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-919.NASL", "href": "https://www.tenable.com/plugins/nessus/104393", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-919.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104393);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-1000254\");\n script_xref(name:\"ALAS\", value:\"2017-919\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2017-919)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"FTP PWD response parser out of bounds read\n\nlibcurl may read outside of a heap allocated buffer when doing FTP.\nWhen libcurl connects to an FTP server and successfully logs in\n(anonymous or not), it asks the server for the current directory with\nthe `PWD` command. The server then responds with a 257 response\ncontaining the path, inside double quotes. The returned path name is\nthen kept by libcurl for subsequent uses. 
Due to a flaw in the string\nparser for this directory name, a directory name passed like this but\nwithout a closing double quote would lead to libcurl not adding a\ntrailing NUL byte to the buffer holding the name. When libcurl would\nthen later access the string, it could read beyond the allocated heap\nbuffer and crash or wrongly access data beyond the buffer, thinking it\nwas part of the path. A malicious server could abuse this fact and\neffectively prevent libcurl-based clients to work with it - the PWD\ncommand is always issued on new FTP connections and the mistake has a\nhigh chance of causing a segfault. The simple fact that this has issue\nremained undiscovered for this long could suggest that malformed PWD\nresponses are rare in benign servers. We are not aware of any exploit\nof this flaw. This bug was introduced in commit\n[415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March\n2005. In libcurl version 7.56.0, the parser always zero terminates the\nstring but also rejects it if not terminated properly with a final\ndouble quote. 
(CVE-2017-1000254 )\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-919.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver 
= 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.53.1-11.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.53.1-11.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.53.1-11.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.53.1-11.78.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:25", "description": "According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses.\n Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. 
A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1287)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1287.NASL", "href": "https://www.tenable.com/plugins/nessus/104906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104906);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000254\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1287)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libcurl may read outside of a heap allocated buffer\n when doing FTP. When libcurl connects to an FTP server\n and successfully logs in (anonymous or not), it asks\n the server for the current directory with the `PWD`\n command. The server then responds with a 257 response\n containing the path, inside double quotes. The returned\n path name is then kept by libcurl for subsequent uses.\n Due to a flaw in the string parser for this directory\n name, a directory name passed like this but without a\n closing double quote would lead to libcurl not adding a\n trailing NUL byte to the buffer holding the name. When\n libcurl would then later access the string, it could\n read beyond the allocated heap buffer and crash or\n wrongly access data beyond the buffer, thinking it was\n part of the path. A malicious server could abuse this\n fact and effectively prevent libcurl-based clients to\n work with it - the PWD command is always issued on new\n FTP connections and the mistake has a high chance of\n causing a segfault. The simple fact that this has issue\n remained undiscovered for this long could suggest that\n malformed PWD responses are rare in benign servers. We\n are not aware of any exploit of this flaw. This bug was\n introduced in commit\n [415d2e7cb7](https://github.com/curl/curl/commit/415d2e\n 7cb7), March 2005. In libcurl version 7.56.0, the\n parser always zero terminates the string but also\n rejects it if not terminated properly with a final\n double quote.(CVE-2017-1000254)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1287\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?19d470b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h13\",\n \"libcurl-7.29.0-35.h13\",\n \"libcurl-devel-7.29.0-35.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:34", "description": "This update for curl fixes the following security issues 
:\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-12-04T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : curl (SUSE-SU-2017:3176-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:libcurl4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-3176-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104991", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3176-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104991);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000254\");\n\n script_name(english:\"SUSE SLES11 Security Update : curl (SUSE-SU-2017:3176-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following security issues :\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds\n read (bsc#1061876)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000254/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173176-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?85218492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-curl-13361=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-curl-13361=1\n\nSUSE Linux Enterprise Server 11-SECURITY:zypper in -t patch\nsecsp3-curl-13361=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-curl-13361=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2017/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.70.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libcurl4-32bit-7.19.7-1.70.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"curl-7.19.7-1.70.8.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libcurl4-7.19.7-1.70.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:59", "description": "The cURL project reports :\n\nFTP PWD response parser out of bounds read\n\nlibcurl may read outside of a heap allocated buffer when doing FTP.\n\nWhen libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses.\n\nDue to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. 
When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path.\n\nA malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-05T00:00:00", "type": "nessus", "title": "FreeBSD : cURL -- out of bounds read (ccace707-a8d8-11e7-ac58-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:curl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CCACE707A8D811E7AC58B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/103666", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103666);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000254\");\n\n script_name(english:\"FreeBSD : cURL -- out of bounds read (ccace707-a8d8-11e7-ac58-b499baebfeaf)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cURL project reports :\n\nFTP PWD response parser out of bounds read\n\nlibcurl may read outside of a heap allocated buffer when doing FTP.\n\nWhen libcurl connects to an FTP server and successfully logs in\n(anonymous or not), it 
asks the server for the current directory with\nthe PWD command. The server then responds with a 257 response\ncontaining the path, inside double quotes. The returned path name is\nthen kept by libcurl for subsequent uses.\n\nDue to a flaw in the string parser for this directory name, a\ndirectory name passed like this but without a closing double quote\nwould lead to libcurl not adding a trailing NUL byte to the buffer\nholding the name. When libcurl would then later access the string, it\ncould read beyond the allocated heap buffer and crash or wrongly\naccess data beyond the buffer, thinking it was part of the path.\n\nA malicious server could abuse this fact and effectively prevent\nlibcurl-based clients to work with it - the PWD command is always\nissued on new FTP connections and the mistake has a high chance of\ncausing a segfault.\"\n );\n # https://curl.haxx.se/docs/adv_20171004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2017-1000254.html\"\n );\n # https://vuxml.freebsd.org/freebsd/ccace707-a8d8-11e7-ac58-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?967ca801\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"curl<7.56.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:02", "description": "It was discovered that there was a out-of-bounds read vulnerability in curl, a command-line and library for transferring data over HTTP/FTP, etc. A malicious FTP server could abuse this to prevent curl-based clients from interacting with it.\n\nSee <https://curl.haxx.se/docs/adv_20171004.html> for more details.\n\nFor Debian 7 'Wheezy', this issue has been fixed in curl version 7.26.0-1+wheezy21.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-06T00:00:00", "type": "nessus", "title": "Debian DLA-1121-1 : curl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1121.NASL", "href": "https://www.tenable.com/plugins/nessus/103682", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1121-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103682);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000254\");\n\n script_name(english:\"Debian DLA-1121-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a out-of-bounds read vulnerability in\ncurl, a command-line and library for transferring data over HTTP/FTP,\netc. 
A malicious FTP server could abuse this to prevent curl-based\nclients from interacting with it.\n\nSee <https://curl.haxx.se/docs/adv_20171004.html> for more details.\n\nFor Debian 7 'Wheezy', this issue has been fixed in curl version\n7.26.0-1+wheezy21.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # https://curl.haxx.se/docs/adv_20171004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2017-1000254.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/curl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-nss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"curl\", reference:\"7.26.0-1+wheezy21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3\", reference:\"7.26.0-1+wheezy21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-dbg\", reference:\"7.26.0-1+wheezy21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-gnutls\", reference:\"7.26.0-1+wheezy21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-nss\", reference:\"7.26.0-1+wheezy21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.26.0-1+wheezy21\")) flag++;\nif (deb_check(release:\"7.0\", 
prefix:\"libcurl4-nss-dev\", reference:\"7.26.0-1+wheezy21\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.26.0-1+wheezy21\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:14", "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-09T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-279-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-279-01.NASL", "href": "https://www.tenable.com/plugins/nessus/103703", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-279-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103703);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000254\");\n script_xref(name:\"SSA\", value:\"2017-279-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-279-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.419253\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?806797e6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2017/10/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.56.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.56.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.56.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.56.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"curl\", pkgver:\"7.56.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.56.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.56.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", 
pkgver:\"7.56.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:35:03", "description": "- fix out of bounds read in FTP PWD response parser (CVE-2017-1000254)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-18T00:00:00", "type": "nessus", "title": "Fedora 26 : curl (2017-601b4c20a4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-601B4C20A4.NASL", "href": "https://www.tenable.com/plugins/nessus/103895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-601b4c20a4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103895);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000254\");\n script_xref(name:\"FEDORA\", value:\"2017-601b4c20a4\");\n\n script_name(english:\"Fedora 26 : curl (2017-601b4c20a4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\" - fix out of bounds read in FTP PWD response parser\n (CVE-2017-1000254)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-601b4c20a4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"curl-7.53.1-11.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:05", "description": "- fix out of bounds read in FTP PWD response parser (CVE-2017-1000254)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : curl (2017-e8179c06fd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-E8179C06FD.NASL", "href": "https://www.tenable.com/plugins/nessus/105992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-e8179c06fd.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105992);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000254\");\n script_xref(name:\"FEDORA\", value:\"2017-e8179c06fd\");\n\n script_name(english:\"Fedora 27 : curl (2017-e8179c06fd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix out of bounds read in FTP PWD response parser\n (CVE-2017-1000254)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e8179c06fd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"curl-7.55.1-6.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:26", "description": "According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses.\n Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. 
A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2017-1288)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1288.NASL", "href": "https://www.tenable.com/plugins/nessus/104907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104907);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000254\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2017-1288)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libcurl may read outside of a heap allocated buffer\n when doing FTP. When libcurl connects to an FTP server\n and successfully logs in (anonymous or not), it asks\n the server for the current directory with the `PWD`\n command. The server then responds with a 257 response\n containing the path, inside double quotes. The returned\n path name is then kept by libcurl for subsequent uses.\n Due to a flaw in the string parser for this directory\n name, a directory name passed like this but without a\n closing double quote would lead to libcurl not adding a\n trailing NUL byte to the buffer holding the name. When\n libcurl would then later access the string, it could\n read beyond the allocated heap buffer and crash or\n wrongly access data beyond the buffer, thinking it was\n part of the path. A malicious server could abuse this\n fact and effectively prevent libcurl-based clients to\n work with it - the PWD command is always issued on new\n FTP connections and the mistake has a high chance of\n causing a segfault. The simple fact that this has issue\n remained undiscovered for this long could suggest that\n malformed PWD responses are rare in benign servers. We\n are not aware of any exploit of this flaw. This bug was\n introduced in commit\n [415d2e7cb7](https://github.com/curl/curl/commit/415d2e\n 7cb7), March 2005. In libcurl version 7.56.0, the\n parser always zero terminates the string but also\n rejects it if not terminated properly with a final\n double quote.(CVE-2017-1000254)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1288\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80d36922\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h13\",\n \"libcurl-7.29.0-35.h13\",\n \"libcurl-devel-7.29.0-35.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-25T17:22:13", "description": "An update of the curl package has been released.", 
"cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2017-0041", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0041_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/121748", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0041. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121748);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2017-1000100\");\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2017-0041\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-82.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000100\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/07\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.54.0-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.54.0-3.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", 
"cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:36:01", "description": "CVE-2017-1000100 Wrong handling of very long filenames during TFTP might result in curl sending more than buffer size.\n\nFor Debian 7 'Wheezy', this problem has been fixed in version 7.26.0-1+wheezy20.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2017-08-21T00:00:00", "type": "nessus", "title": "Debian DLA-1062-1 : curl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1062.NASL", "href": "https://www.tenable.com/plugins/nessus/102597", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1062-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102597);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000100\");\n\n script_name(english:\"Debian DLA-1062-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-1000100 Wrong handling of very long filenames during TFTP\nmight result in curl sending more than buffer size.\n\nFor Debian 7 'Wheezy', this problem has been fixed in version\n7.26.0-1+wheezy20.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/curl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-nss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2017/08/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"curl\", reference:\"7.26.0-1+wheezy20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3\", reference:\"7.26.0-1+wheezy20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-dbg\", reference:\"7.26.0-1+wheezy20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-gnutls\", reference:\"7.26.0-1+wheezy20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-nss\", reference:\"7.26.0-1+wheezy20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.26.0-1+wheezy20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.26.0-1+wheezy20\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.26.0-1+wheezy20\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:28:15", "description": "According to the version of the curl package installed, the EulerOS Virtualization installation on the remote host is affected by 
the following vulnerability :\n\n - When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2019-03-08T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.2 : curl (EulerOS-SA-2019-1083)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "cpe:/o:huawei:euleros:uvp:2.5.2"], "id": "EULEROS_SA-2019-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/122705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122705);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000100\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.2 : curl (EulerOS-SA-2019-1083)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - When doing a TFTP transfer and curl/libcurl is given a\n URL that contains a very long file name (longer than\n about 515 bytes), the file name is truncated to fit\n within the buffer boundaries, but the buffer size is\n still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call,\n making curl attempt to send more data than what is\n actually put into the buffer. The sendto() function will\n then read beyond the end of the heap based buffer. 
A\n malicious HTTP(S) server could redirect a vulnerable\n libcurl-using client to a crafted TFTP URL (if the\n client hasn't restricted which protocols it allows\n redirects to) and trick it to send private memory\n contents to a remote server over UDP. Limit curl's\n redirect protocols with --proto-redir and libcurl's\n with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1083\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ce601ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h23\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:27:35", "description": "According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer 
size is still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1163)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:uvp:2.5.3"], "id": "EULEROS_SA-2019-1163.NASL", "href": "https://www.tenable.com/plugins/nessus/123849", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123849);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000100\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1163)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The 
remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - When doing a TFTP transfer and curl/libcurl is given a\n URL that contains a very long file name (longer than\n about 515 bytes), the file name is truncated to fit\n within the buffer boundaries, but the buffer size is\n still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call,\n making curl attempt to send more data than what is\n actually put into the buffer. The sendto() function will\n then read beyond the end of the heap based buffer. A\n malicious HTTP(S) server could redirect a vulnerable\n libcurl-using client to a crafted TFTP URL (if the\n client hasn't restricted which protocols it allows\n redirects to) and trick it to send private memory\n contents to a remote server over UDP. Limit curl's\n redirect protocols with --proto-redir and libcurl's\n with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1163\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d339f05\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h23\",\n \"libcurl-7.29.0-35.h23\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T15:56:19", "description": "According to the versions of the curl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. 
An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\n - A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\n - A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\n - curl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2018-1000301)\n\n - curl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2016-9586)\n\n - libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses.\n Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. 
When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)\n\n - The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.(CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : curl (EulerOS-SA-2018-1330)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2017-1000254", "CVE-2017-8817", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301"], "modified": "2022-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/118418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118418);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\n \"CVE-2016-9586\",\n \"CVE-2017-8817\",\n \"CVE-2017-1000254\",\n \"CVE-2018-1000120\",\n \"CVE-2018-1000121\",\n \"CVE-2018-1000122\",\n \"CVE-2018-1000301\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : curl (EulerOS-SA-2018-1330)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - It was found that libcurl did not safely parse FTP URLs\n when using the CURLOPT_FTP_FILEMETHOD method. 
An\n attacker, able to provide a specially crafted FTP URL\n to an application using libcurl, could write a NULL\n byte at an arbitrary location, resulting in a crash, or\n an unspecified behavior.(CVE-2018-1000120)\n\n - A NULL pointer dereference flaw was found in the way\n libcurl checks values returned by the openldap\n ldap_get_attribute_ber() function. A malicious LDAP\n server could use this flaw to crash a libcurl client\n application via a specially crafted LDAP\n reply.(CVE-2018-1000121)\n\n - A buffer over-read exists in curl 7.20.0 to and\n including curl 7.58.0 in the RTSP+RTP handling code\n that allows an attacker to cause a denial of service or\n information leakage(CVE-2018-1000122)\n\n - curl version curl 7.20.0 to and including curl 7.59.0\n contains a Buffer Over-read vulnerability in denial of\n service that can result in curl can be tricked into\n reading data beyond the end of a heap based buffer used\n to store downloaded rtsp content.(CVE-2018-1000301)\n\n - curl version curl 7.20.0 to and including curl 7.59.0\n contains a Buffer Over-read vulnerability in denial of\n service that can result in curl can be tricked into\n reading data beyond the end of a heap based buffer used\n to store downloaded rtsp content.(CVE-2016-9586)\n\n - libcurl may read outside of a heap allocated buffer\n when doing FTP. When libcurl connects to an FTP server\n and successfully logs in (anonymous or not), it asks\n the server for the current directory with the `PWD`\n command. The server then responds with a 257 response\n containing the path, inside double quotes. The returned\n path name is then kept by libcurl for subsequent uses.\n Due to a flaw in the string parser for this directory\n name, a directory name passed like this but without a\n closing double quote would lead to libcurl not adding a\n trailing NUL byte to the buffer holding the name. 
When\n libcurl would then later access the string, it could\n read beyond the allocated heap buffer and crash or\n wrongly access data beyond the buffer, thinking it was\n part of the path. A malicious server could abuse this\n fact and effectively prevent libcurl-based clients to\n work with it - the PWD command is always issued on new\n FTP connections and the mistake has a high chance of\n causing a segfault. The simple fact that this issue has\n remained undiscovered for this long could suggest that\n malformed PWD responses are rare in benign servers. We\n are not aware of any exploit of this flaw. This bug was\n introduced in commit\n [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7),\n March 2005. In libcurl version 7.56.0, the\n parser always zero terminates the string but also\n rejects it if not terminated properly with a final\n double quote.(CVE-2017-1000254)\n\n - The FTP wildcard function in curl and libcurl before\n 7.57.0 allows remote attackers to cause a denial of\n service (out-of-bounds read and application crash) or\n possibly have unspecified other impact via a string\n that ends with an '[' character.(CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1330\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4aa41f3c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000120\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:44", "description": "According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - curl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store 
downloaded rtsp content.(CVE-2018-1000301)\n\n - curl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2016-9586)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2018-1000301"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1202.NASL", "href": "https://www.tenable.com/plugins/nessus/110866", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110866);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9586\",\n \"CVE-2018-1000301\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1202)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - curl 
version curl 7.20.0 to and including curl 7.59.0\n contains a Buffer Over-read vulnerability in denial of\n service that can result in curl can be tricked into\n reading data beyond the end of a heap based buffer used\n to store downloaded rtsp content.(CVE-2018-1000301)\n\n - curl version curl 7.20.0 to and including curl 7.59.0\n contains a Buffer Over-read vulnerability in denial of\n service that can result in curl can be tricked into\n reading data beyond the end of a heap based buffer used\n to store downloaded rtsp content.(CVE-2016-9586)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1202\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?210de116\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h20\",\n \"libcurl-7.29.0-35.h20\",\n \"libcurl-devel-7.29.0-35.h20\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": 
{"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:13", "description": "This update for curl fixes the following issues: Security issues fixed :\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876)\n\n - CVE-2017-1000257: IMAP FETCH response out of bounds read (bsc#1063824) Bugs fixed :\n\n - Fixed error 'error:1408F10B:SSL routines' when connecting to ftps via proxy (bsc#1060653)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-10-24T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2831-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:curl", "p-cpe:/a:novell:suse_linux:curl-debuginfo", "p-cpe:/a:novell:suse_linux:curl-debugsource", "p-cpe:/a:novell:suse_linux:libcurl4", "p-cpe:/a:novell:suse_linux:libcurl4-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2831-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2831-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104117);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-1000254\", \"CVE-2017-1000257\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : curl 
(SUSE-SU-2017:2831-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues: Security issues \nfixed :\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds\n read (bsc#1061876)\n\n - CVE-2017-1000257: IMAP FETCH response out of bounds read\n (bsc#1063824) Bugs fixed :\n\n - Fixed error 'error:1408F10B:SSL routines' when\n connecting to ftps via proxy (bsc#1060653)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000254/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000257/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172831-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab1d52b2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1758=1\n\nSUSE Linux Enterprise Software 
Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1758=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1758=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1758=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1758=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1758=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1758=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-1758=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1758=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/06\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"curl-debugsource-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"curl-debugsource-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", 
reference:\"libcurl4-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debuginfo-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"curl-debugsource-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-37.8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-7.37.0-37.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:55", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876)\n\n - CVE-2017-1000257: IMAP FETCH response out of bounds read (bsc#1063824)\n\nBugs fixed :\n\n - Fixed error 'error:1408F10B:SSL routines' when connecting to ftps via proxy (bsc#1060653)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, 
"published": "2017-10-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2017-1200)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1200.NASL", "href": "https://www.tenable.com/plugins/nessus/104236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1200.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104236);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000254\", \"CVE-2017-1000257\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2017-1200)\");\n script_summary(english:\"Check for the openSUSE-2017-1200 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-1000254: FTP PWD response parser out of bounds\n read (bsc#1061876)\n\n - CVE-2017-1000257: IMAP FETCH response out of bounds read\n (bsc#1063824)\n\nBugs fixed :\n\n - Fixed error 'error:1408F10B:SSL 
routines' when\n connecting to ftps via proxy (bsc#1060653)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063824\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debuginfo-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debugsource-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl-devel-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-debuginfo-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", 
reference:\"libcurl4-debuginfo-32bit-7.37.0-16.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-03-27T15:17:52", "description": "An update of the curl package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl PHSA-2017-0044", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-14970"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0044_CURL.NASL", "href": "https://www.tenable.com/plugins/nessus/121756", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# 
The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0044. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121756);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-1000254\");\n\n script_name(english:\"Photon OS 1.0: Curl PHSA-2017-0044\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the curl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-84.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14970\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-7.54.0-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"curl-debuginfo-7.54.0-4.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-01T15:27:07", "description": "According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. 
This could leak authentication token to external entities.(CVE-2018-1000007)\n\n - When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100", "CVE-2018-1000007"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1427.NASL", "href": "https://www.tenable.com/plugins/nessus/119916", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119916);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000100\",\n \"CVE-2018-1000007\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1427)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that curl and libcurl might send their\n Authentication header to a third party HTTP server upon\n receiving an HTTP REDIRECT reply. 
This could leak\n authentication token to external\n entities.(CVE-2018-1000007)\n\n - When doing a TFTP transfer and curl/libcurl is given a\n URL that contains a very long file name (longer than\n about 515 bytes), the file name is truncated to fit\n within the buffer boundaries, but the buffer size is\n still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call,\n making curl attempt to send more data than what is\n actually put into the buffer. The sendto() function will\n then read beyond the end of the heap based buffer. A\n malicious HTTP(S) server could redirect a vulnerable\n libcurl-using client to a crafted TFTP URL (if the\n client hasn't restricted which protocols it allows\n redirects to) and trick it to send private memory\n contents to a remote server over UDP. Limit curl's\n redirect protocols with --proto-redir and libcurl's\n with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1427\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b14f2ff5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h22\",\n \"libcurl-7.29.0-35.h22\",\n \"libcurl-devel-7.29.0-35.h22\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-01T15:25:44", "description": "According to the versions of the curl packages installed, 
the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities.(CVE-2018-1000007)\n\n - When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1401)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100", "CVE-2018-1000007"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1401.NASL", "href": "https://www.tenable.com/plugins/nessus/119529", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119529);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000100\",\n \"CVE-2018-1000007\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1401)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that curl and libcurl might send their\n Authentication header to a third party HTTP server upon\n receiving an HTTP REDIRECT reply. 
This could leak\n authentication token to external\n entities.(CVE-2018-1000007)\n\n - When doing a TFTP transfer and curl/libcurl is given a\n URL that contains a very long file name (longer than\n about 515 bytes), the file name is truncated to fit\n within the buffer boundaries, but the buffer size is\n still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call,\n making curl attempt to send more data than what is\n actually put into the buffer. The sendto() function will\n then read beyond the end of the heap based buffer. A\n malicious HTTP(S) server could redirect a vulnerable\n libcurl-using client to a crafted TFTP URL (if the\n client hasn't restricted which protocols it allows\n redirects to) and trick it to send private memory\n contents to a remote server over UDP. Limit curl's\n redirect protocols with --proto-redir and libcurl's\n with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1401\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a14754d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h22\",\n \"libcurl-7.29.0-35.h22\",\n \"libcurl-devel-7.29.0-35.h22\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-01T17:16:38", "description": "According to the versions of the curl packages installed, 
the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities.(CVE-2018-1000007)\n\n - When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100", "CVE-2018-1000007"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1002.NASL", "href": "https://www.tenable.com/plugins/nessus/120990", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120990);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000100\",\n \"CVE-2018-1000007\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1002)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that curl and libcurl might send their\n Authentication header to a third party HTTP server upon\n receiving an HTTP REDIRECT reply. 
This could leak\n authentication token to external\n entities.(CVE-2018-1000007)\n\n - When doing a TFTP transfer and curl/libcurl is given a\n URL that contains a very long file name (longer than\n about 515 bytes), the file name is truncated to fit\n within the buffer boundaries, but the buffer size is\n still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call,\n making curl attempt to send more data than what is\n actually put into the buffer. The sendto() function will\n then read beyond the end of the heap based buffer. A\n malicious HTTP(S) server could redirect a vulnerable\n libcurl-using client to a crafted TFTP URL (if the\n client hasn't restricted which protocols it allows\n redirects to) and trick it to send private memory\n contents to a remote server over UDP. Limit curl's\n redirect protocols with --proto-redir and libcurl's\n with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?feff6be9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h7.eulerosv2r7\",\n \"libcurl-7.29.0-46.h7.eulerosv2r7\",\n \"libcurl-devel-7.29.0-46.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-01T17:25:54", "description": "According to the 
versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\n - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities.(CVE-2018-1000007)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.4 : curl (EulerOS-SA-2019-1206)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100", "CVE-2018-1000007"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:uvp:2.5.4"], "id": "EULEROS_SA-2019-1206.NASL", "href": "https://www.tenable.com/plugins/nessus/123892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123892);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-1000100\",\n \"CVE-2018-1000007\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.4 : curl (EulerOS-SA-2019-1206)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - When doing a TFTP transfer and curl/libcurl is given a\n URL that contains a very long file name (longer than\n about 515 bytes), the file name is truncated to fit\n within the buffer boundaries, but the buffer size is\n still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call,\n making curl attempt to send more data than what is\n actually put into the buffer. 
The sendto() function will\n then read beyond the end of the heap based buffer. A\n malicious HTTP(S) server could redirect a vulnerable\n libcurl-using client to a crafted TFTP URL (if the\n client hasn't restricted which protocols it allows\n redirects to) and trick it to send private memory\n contents to a remote server over UDP. Limit curl's\n redirect protocols with --proto-redir and libcurl's\n with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\n - It was found that curl and libcurl might send their\n Authentication header to a third party HTTP server upon\n receiving an HTTP REDIRECT reply. This could leak\n authentication token to external\n entities.(CVE-2018-1000007)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1206\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc165e11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.4\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.4\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h7\",\n \"libcurl-7.29.0-46.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-24T22:09:44", "description": "According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\n - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-06-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1665)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2016-0755", "CVE-2017-7407", "CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1665.NASL", "href": "https://www.tenable.com/plugins/nessus/126292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126292);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0755\",\n \"CVE-2017-7407\",\n \"CVE-2018-16842\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1665)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The ourWriteOut function in tool_writeout.c in curl\n 7.53.1 might allow physically proximate attackers to\n obtain sensitive information from process memory in\n opportunistic circumstances by reading a workstation\n screen during use of a --write-out argument ending in a\n '%' character, which leads to a heap-based buffer\n over-read.(CVE-2017-7407)\n\n - The ConnectionExists function in 
lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1665\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2d6f2b03\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h13.eulerosv2r7\",\n \"libcurl-7.29.0-46.h13.eulerosv2r7\",\n \"libcurl-devel-7.29.0-46.h13.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-12-23T02:33:32", "description": "According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content..(CVE-2018-1000301)\n\n - It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-5420)\n\n - It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.(CVE-2015-3143)\n\n - libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. 
The returned path name is then kept by libcurl for subsequent uses.\n Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit 415d2e7cb7(https://github.com/curl/curl/commit/415d2e7c b7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)\n\n - It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones.(CVE-2015-3148)\n\n - Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a ''%'' (percent) character.(CVE-2013-2174)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8616)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8619)\n\n - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities.(CVE-2018-1000007)\n\n - A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.(CVE-2014-3707)\n\n - Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions.(CVE-2016-7167)\n\n - When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. 
Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1550)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2174", "CVE-2014-3707", "CVE-2015-3143", "CVE-2015-3148", "CVE-2016-5420", "CVE-2016-7167", "CVE-2016-8616", "CVE-2016-8619", "CVE-2017-1000100", "CVE-2017-1000254", "CVE-2018-1000007", "CVE-2018-1000301"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1550.NASL", "href": "https://www.tenable.com/plugins/nessus/125003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125003);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-2174\",\n \"CVE-2014-3707\",\n \"CVE-2015-3143\",\n \"CVE-2015-3148\",\n \"CVE-2016-5420\",\n \"CVE-2016-7167\",\n \"CVE-2016-8616\",\n \"CVE-2016-8619\",\n \"CVE-2017-1000100\",\n \"CVE-2017-1000254\",\n \"CVE-2018-1000007\",\n \"CVE-2018-1000301\"\n );\n script_bugtraq_id(\n 60737,\n 70988,\n 74299,\n 74301\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1550)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization 
host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - curl version curl 7.20.0 to and including curl 7.59.0\n contains a CWE-126: Buffer Over-read vulnerability in\n denial of service that can result in curl can be\n tricked into reading data beyond the end of a heap\n based buffer used to store downloaded RTSP\n content..(CVE-2018-1000301)\n\n - It was found that the libcurl library did not check the\n client certificate when choosing the TLS connection to\n reuse. An attacker could potentially use this flaw to\n hijack the authentication of the connection by\n leveraging a previously created connection with a\n different client certificate.(CVE-2016-5420)\n\n - It was discovered that libcurl could incorrectly reuse\n NTLM-authenticated connections for subsequent\n unauthenticated requests to the same host. If an\n application using libcurl established an\n NTLM-authenticated connection to a server, and sent\n subsequent unauthenticated requests to the same server,\n the unauthenticated requests could be sent over the\n NTLM-authenticated connection, appearing as if they\n were sent by the NTLM authenticated\n user.(CVE-2015-3143)\n\n - libcurl may read outside of a heap allocated buffer\n when doing FTP. When libcurl connects to an FTP server\n and successfully logs in (anonymous or not), it asks\n the server for the current directory with the `PWD`\n command. The server then responds with a 257 response\n containing the path, inside double quotes. The returned\n path name is then kept by libcurl for subsequent uses.\n Due to a flaw in the string parser for this directory\n name, a directory name passed like this but without a\n closing double quote would lead to libcurl not adding a\n trailing NUL byte to the buffer holding the name. 
When\n libcurl would then later access the string, it could\n read beyond the allocated heap buffer and crash or\n wrongly access data beyond the buffer, thinking it was\n part of the path. A malicious server could abuse this\n fact and effectively prevent libcurl-based clients to\n work with it - the PWD command is always issued on new\n FTP connections and the mistake has a high chance of\n causing a segfault. The simple fact that this has issue\n remained undiscovered for this long could suggest that\n malformed PWD responses are rare in benign servers. We\n are not aware of any exploit of this flaw. This bug was\n introduced in commit\n 415d2e7cb7(https://github.com/curl/curl/commit/415d2e7c\n b7), March 2005. In libcurl version 7.56.0, the parser\n always zero terminates the string but also rejects it\n if not terminated properly with a final double\n quote.(CVE-2017-1000254)\n\n - It was discovered that libcurl could incorrectly reuse\n Negotiate authenticated HTTP connections for subsequent\n requests. If an application using libcurl established a\n Negotiate authenticated HTTP connection to a server and\n sent subsequent requests with different credentials,\n the connection could be re-used with the initial set of\n credentials instead of using the new\n ones.(CVE-2015-3148)\n\n - Heap-based buffer overflow in the curl_easy_unescape\n function in lib/escape.c in cURL and libcurl 7.7\n through 7.30.0 allows remote attackers to cause a\n denial of service (application crash) or possibly\n execute arbitrary code via a crafted string ending in a\n ''%'' (percent) character.(CVE-2013-2174)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. 
When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8616)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8619)\n\n - It was found that curl and libcurl might send their\n Authentication header to a third party HTTP server upon\n receiving an HTTP REDIRECT reply. This could leak\n authentication token to external\n entities.(CVE-2018-1000007)\n\n - A flaw was found in the way the libcurl library\n performed the duplication of connection handles. If an\n application set the CURLOPT_COPYPOSTFIELDS option for a\n handle, using the handle's duplicate could cause the\n application to crash or disclose a portion of its\n memory.(CVE-2014-3707)\n\n - Multiple integer overflow flaws leading to heap-based\n buffer overflows were found in the way curl handled\n escaping and unescaping of data. An attacker could\n potentially use these flaws to crash an application\n using libcurl by sending a specially crafted input to\n the affected libcurl functions.(CVE-2016-7167)\n\n - When doing a TFTP transfer and curl/libcurl is given a\n URL that contains a very long file name (longer than\n about 515 bytes), the file name is truncated to fit\n within the buffer boundaries, but the buffer size is\n still wrongly updated to use the untruncated length.\n This too large value is then used in the sendto() call,\n making curl attempt to send more data than what is\n actually put into the buffer. The endto() function will\n then read beyond the end of the heap based buffer. A\n malicious HTTP(S) server could redirect a vulnerable\n libcurl-using client to a crafted TFTP URL (if the\n client hasn't restricted which protocols it allows\n redirects to) and trick it to send private memory\n contents to a remote server over UDP. 
Limit curl's\n redirect protocols with --proto-redir and libcurl's\n with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1550\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?90cc0a91\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h10\",\n \"libcurl-7.29.0-46.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:45:50", "description": "According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. 
An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\n - A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\n - A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\n - curl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2018-1000301)\n\n - curl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2016-9586)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1203)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1203.NASL", "href": "https://www.tenable.com/plugins/nessus/110867", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110867);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9586\",\n \"CVE-2018-1000120\",\n \"CVE-2018-1000121\",\n \"CVE-2018-1000122\",\n \"CVE-2018-1000301\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1203)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that libcurl did not safely parse FTP URLs\n when using the CURLOPT_FTP_FILEMETHOD method. 
An\n attacker, able to provide a specially crafted FTP URL\n to an application using libcurl, could write a NULL\n byte at an arbitrary location, resulting in a crash, or\n an unspecified behavior.(CVE-2018-1000120)\n\n - A NULL pointer dereference flaw was found in the way\n libcurl checks values returned by the openldap\n ldap_get_attribute_ber() function. A malicious LDAP\n server could use this flaw to crash a libcurl client\n application via a specially crafted LDAP\n reply.(CVE-2018-1000121)\n\n - A buffer over-read exists in curl 7.20.0 to and\n including curl 7.58.0 in the RTSP+RTP handling code\n that allows an attacker to cause a denial of service or\n information leakage(CVE-2018-1000122)\n\n - curl version curl 7.20.0 to and including curl 7.59.0\n contains a Buffer Over-read vulnerability in denial of\n service that can result in curl can be tricked into\n reading data beyond the end of a heap based buffer used\n to store downloaded rtsp content.(CVE-2018-1000301)\n\n - curl version curl 7.20.0 to and including curl 7.59.0\n contains a Buffer Over-read vulnerability in denial of\n service that can result in curl can be tricked into\n reading data beyond the end of a heap based buffer used\n to store downloaded rtsp content.(CVE-2016-9586)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1203\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad9816d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h20\",\n \"libcurl-7.29.0-35.h20\",\n \"libcurl-devel-7.29.0-35.h20\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-24T21:50:09", "description": "According to the versions of the curl packages installed, 
the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436)\n\n - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2016-0755", "CVE-2017-7407", "CVE-2018-16842", "CVE-2019-5436"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2054.NASL", "href": "https://www.tenable.com/plugins/nessus/129247", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129247);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0755\",\n \"CVE-2017-7407\",\n \"CVE-2018-16842\",\n \"CVE-2019-5436\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2054)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - A heap buffer overflow in the TFTP receiving code\n allows for DoS or arbitrary code execution in libcurl\n versions 7.19.4 through 7.64.1.(CVE-2019-5436)\n\n - The ourWriteOut function in tool_writeout.c in curl\n 7.53.1 might allow physically proximate attackers to\n obtain sensitive information from process memory in\n opportunistic circumstances by 
reading a workstation\n screen during use of a --write-out argument ending in a\n '%' character, which leads to a heap-based buffer\n over-read.(CVE-2017-7407)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2054\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3428b002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h25\",\n \"libcurl-7.29.0-35.h25\",\n \"libcurl-devel-7.29.0-35.h25\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", 
reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-03-27T16:13:49", "description": "The remote host is affected by the vulnerability described in GLSA-201712-04 (cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could cause a Denial of Service condition, disclose sensitive information or other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-15T00:00:00", "type": "nessus", "title": "GLSA-201712-04 : cURL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:curl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201712-04.NASL", "href": "https://www.tenable.com/plugins/nessus/105264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201712-04.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105264);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000254\", \"CVE-2017-1000257\", \"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2017-8818\");\n script_xref(name:\"GLSA\", value:\"201712-04\");\n\n script_name(english:\"GLSA-201712-04 : cURL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201712-04\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause a Denial of Service condition, disclose\n sensitive information or other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201712-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All cURL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.57.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/curl\", unaffected:make_list(\"ge 7.57.0\"), vulnerable:make_list(\"lt 7.57.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cURL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:59:39", "description": "Several vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2016-7141\n\nWhen built with NSS and the libnsspem.so library is available at runtime, allows an remote attacker to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.\n\nCVE-2016-7167\n\nMultiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) 
curl_easy_unescape functions in libcurl allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.\n\nCVE-2016-9586\n\nCurl is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any applications that accept a format string from the outside without necessary input filtering, it could allow remote attacks.\n\nCVE-2018-16839\n\nCurl is vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.\n\nCVE-2018-16842\n\nCurl is vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 7.38.0-4+deb8u13.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-07T00:00:00", "type": "nessus", "title": "Debian DLA-1568-1 : curl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5420", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-9586", "CVE-2018-16839", "CVE-2018-16842"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:libcurl4-doc", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1568.NASL", "href": "https://www.tenable.com/plugins/nessus/118753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1568-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118753);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7141\", \"CVE-2016-7167\", \"CVE-2016-9586\", \"CVE-2018-16839\", \"CVE-2018-16842\");\n\n script_name(english:\"Debian DLA-1568-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in cURL, an URL transfer\nlibrary.\n\nCVE-2016-7141\n\nWhen built with NSS and the libnsspem.so library is available at\nruntime, allows an remote attacker to hijack the authentication of a\nTLS connection by leveraging reuse of a previously loaded client\ncertificate from file for a connection for which no certificate has\nbeen set, a different vulnerability than CVE-2016-5420.\n\nCVE-2016-7167\n\nMultiple integer overflows in the (1) curl_escape, (2)\ncurl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape\nfunctions in libcurl allow attackers to have unspecified impact via a\nstring of length 0xffffffff, which triggers a heap-based buffer\noverflow.\n\nCVE-2016-9586\n\nCurl is vulnerable to a buffer overflow when doing a large floating\npoint output in libcurl's implementation of the printf() functions. 
If\nthere are any applications that accept a format string from the\noutside without necessary input filtering, it could allow remote\nattacks.\n\nCVE-2018-16839\n\nCurl is vulnerable to a buffer overrun in the SASL authentication code\nthat may lead to denial of service.\n\nCVE-2018-16842\n\nCurl is vulnerable to a heap-based buffer over-read in the\ntool_msgs.c:voutf() function that may result in information exposure\nand denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n7.38.0-4+deb8u13.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/curl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-doc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-nss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"curl\", reference:\"7.38.0-4+deb8u13\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3\", reference:\"7.38.0-4+deb8u13\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-dbg\", reference:\"7.38.0-4+deb8u13\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-gnutls\", reference:\"7.38.0-4+deb8u13\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl3-nss\", reference:\"7.38.0-4+deb8u13\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-doc\", reference:\"7.38.0-4+deb8u13\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.38.0-4+deb8u13\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.38.0-4+deb8u13\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.38.0-4+deb8u13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-01T17:25:02", "description": "According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.(CVE-2013-4545)\n\n - The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.(CVE-2013-6422)\n\n - cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.(CVE-2014-0139)\n\n - curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate 
when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.(CVE-2014-2522)\n\n - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\n - It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities.(CVE-2018-1000007)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1172)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4545", "CVE-2013-6422", "CVE-2014-0139", "CVE-2014-2522", "CVE-2017-7407", "CVE-2018-1000007"], "modified": "2021-02-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:uvp:2.5.3"], "id": "EULEROS_SA-2019-1172.NASL", "href": "https://www.tenable.com/plugins/nessus/123858", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123858);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/10\");\n\n script_cve_id(\n \"CVE-2013-4545\",\n \"CVE-2013-6422\",\n 
\"CVE-2014-0139\",\n \"CVE-2014-2522\",\n \"CVE-2017-7407\",\n \"CVE-2018-1000007\"\n );\n script_bugtraq_id(\n 63776,\n 64431,\n 66296,\n 66458\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1172)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - cURL and libcurl 7.18.0 through 7.32.0, when built with\n OpenSSL, disables the certificate CN and SAN name field\n verification (CURLOPT_SSL_VERIFYHOST) when the digital\n signature verification (CURLOPT_SSL_VERIFYPEER) is\n disabled, which allows man-in-the-middle attackers to\n spoof SSL servers via an arbitrary valid\n certificate.(CVE-2013-4545)\n\n - The GnuTLS backend in libcurl 7.21.4 through 7.33.0,\n when disabling digital signature verification\n (CURLOPT_SSL_VERIFYPEER), also disables the\n CURLOPT_SSL_VERIFYHOST check for CN or SAN host name\n fields, which makes it easier for remote attackers to\n spoof servers and conduct man-in-the-middle (MITM)\n attacks.(CVE-2013-6422)\n\n - cURL and libcurl 7.1 before 7.36.0, when using the\n OpenSSL, axtls, qsossl or gskit libraries for TLS,\n recognize a wildcard IP address in the subject's Common\n Name (CN) field of an X.509 certificate, which might\n allow man-in-the-middle attackers to spoof arbitrary\n SSL servers via a crafted certificate issued by a\n legitimate Certification Authority.(CVE-2014-0139)\n\n - curl and libcurl 7.27.0 through 7.35.0, when running on\n Windows and using the SChannel/Winssl TLS backend, does\n not verify that the server hostname matches a domain\n name in the subject's 
Common Name (CN) or\n subjectAltName field of the X.509 certificate when\n accessing a URL that uses a numerical IP address, which\n allows man-in-the-middle attackers to spoof servers via\n an arbitrary valid certificate.(CVE-2014-2522)\n\n - The ourWriteOut function in tool_writeout.c in curl\n 7.53.1 might allow physically proximate attackers to\n obtain sensitive information from process memory in\n opportunistic circumstances by reading a workstation\n screen during use of a --write-out argument ending in a\n '%' character, which leads to a heap-based buffer\n over-read.(CVE-2017-7407)\n\n - It was found that curl and libcurl might send their\n Authentication header to a third party HTTP server upon\n receiving an HTTP REDIRECT reply. This could leak\n authentication token to external\n entities.(CVE-2018-1000007)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1172\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?586a7e50\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h24\",\n \"libcurl-7.29.0-35.h24\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : 
rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-07-21T17:56:25", "description": "An update of [openvswitch,systemd,curl,mariadb,bash] packages for PhotonOS has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Bash / Curl / Mariadb / Openvswitch / Systemd PHSA-2017-0044 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9401", "CVE-2017-1000254", "CVE-2017-10268", "CVE-2017-10378", "CVE-2017-14970", "CVE-2017-15908"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bash", "p-cpe:/a:vmware:photonos:curl", "p-cpe:/a:vmware:photonos:mariadb", "p-cpe:/a:vmware:photonos:openvswitch", "p-cpe:/a:vmware:photonos:systemd", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0044.NASL", "href": "https://www.tenable.com/plugins/nessus/111893", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0044. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111893);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2016-9401\",\n \"CVE-2017-10268\",\n \"CVE-2017-10378\",\n \"CVE-2017-14970\",\n \"CVE-2017-15908\",\n \"CVE-2017-1000254\"\n );\n\n script_name(english:\"Photon OS 1.0: Bash / Curl / Mariadb / Openvswitch / Systemd PHSA-2017-0044 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [openvswitch,systemd,curl,mariadb,bash] packages for\nPhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-84\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?185d85d0\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14970\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:systemd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"bash-4.3.48-2.ph1\",\n \"bash-debuginfo-4.3.48-2.ph1\",\n \"bash-lang-4.3.48-2.ph1\",\n \"curl-7.54.0-4.ph1\",\n \"curl-debuginfo-7.54.0-4.ph1\",\n \"mariadb-10.2.10-1.ph1\",\n \"mariadb-debuginfo-10.2.10-1.ph1\",\n \"mariadb-devel-10.2.10-1.ph1\",\n \"mariadb-errmsg-10.2.10-1.ph1\",\n \"mariadb-server-10.2.10-1.ph1\",\n \"mariadb-server-galera-10.2.10-1.ph1\",\n \"openvswitch-2.6.1-5.ph1\",\n \"openvswitch-debuginfo-2.6.1-5.ph1\",\n \"openvswitch-devel-2.6.1-5.ph1\",\n \"openvswitch-doc-2.6.1-5.ph1\",\n \"systemd-228-43.ph1\",\n \"systemd-debuginfo-228-43.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : 
rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / curl / mariadb / openvswitch / systemd\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:31:34", "description": "An update of [systemd,curl,glibc,freetype2] packages for PhotonOS has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Curl / Freetype2 / Glibc / Systemd PHSA-2017-0041 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7510", "CVE-2017-8105", "CVE-2017-9217", "CVE-2017-15670", "CVE-2017-15804", "CVE-2017-1000100"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:curl", "p-cpe:/a:vmware:photonos:freetype2", "p-cpe:/a:vmware:photonos:glibc", "p-cpe:/a:vmware:photonos:systemd", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0041.NASL", "href": "https://www.tenable.com/plugins/nessus/111890", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0041. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111890);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2015-7510\",\n \"CVE-2017-8105\",\n \"CVE-2017-9217\",\n \"CVE-2017-15670\",\n \"CVE-2017-15804\",\n \"CVE-2017-1000100\"\n );\n\n script_name(english:\"Photon OS 1.0: Curl / Freetype2 / Glibc / Systemd PHSA-2017-0041 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [systemd,curl,glibc,freetype2] packages for PhotonOS has\nbeen released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-82\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?73486cbe\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7510\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"curl-7.54.0-3.ph1\",\n \"curl-debuginfo-7.54.0-3.ph1\",\n \"freetype2-2.7.1-4.ph1\",\n \"freetype2-debuginfo-2.7.1-4.ph1\",\n \"freetype2-devel-2.7.1-4.ph1\",\n \"glibc-2.22-15.ph1\",\n \"glibc-devel-2.22-15.ph1\",\n \"glibc-lang-2.22-15.ph1\",\n \"systemd-228-41.ph1\",\n \"systemd-debuginfo-228-41.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / freetype2 / glibc / systemd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T16:24:28", "description": "According to its self-reported 
version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "pfSense < 2.3.4 Multiple Vulnerabilities (SA-17_04)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197", "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464", "CVE-2017-7407", "CVE-2017-7468"], "modified": "2019-02-26T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-17_04.NASL", "href": "https://www.tenable.com/plugins/nessus/106504", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106504);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/02/26 4:50:08\");\n\n script_cve_id(\n \"CVE-2016-9042\",\n \"CVE-2016-10195\",\n \"CVE-2016-10196\",\n \"CVE-2016-10197\",\n \"CVE-2017-6462\",\n \"CVE-2017-6463\",\n \"CVE-2017-6464\",\n \"CVE-2017-7407\",\n \"CVE-2017-7468\"\n );\n script_bugtraq_id(96014, 97045, 97046, 97049, 97050);\n\n script_name(english:\"pfSense < 2.3.4 Multiple Vulnerabilities (SA-17_04)\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is affected by multiple vulnerabilities as stated in the\nreferenced vendor advisories.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.pfsense.org/index.php/2.3.4_New_Features_and_Changes\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-17_04.webgui.asc\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?9040c63f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.3.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10195\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.3.4\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{xss:TRUE}\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:15:34", "description": "libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.(CVE-2018-16890)\n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.(CVE-2017-8816)\n\ncurl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.(CVE-2017-8818)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP.\nWhen libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. 
The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nlibcurl is vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. 
Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.(CVE-2019-3822)\n\nlibcurl is vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.(CVE-2019-3823)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.(CVE-2017-8817)\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\nA heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. 
When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.(CVE-2018-16840)\n\nCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.(CVE-2018-16839)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-19T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : curl (ALAS-2019-1162)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818", "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842", "CVE-2018-16890", "CVE-2018-20483", "CVE-2019-3822", "CVE-2019-3823"], "modified": "2020-02-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1162.NASL", "href": "https://www.tenable.com/plugins/nessus/122260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1162.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122260);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2017-1000254\", \"CVE-2017-1000257\", \"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2017-8818\", \"CVE-2018-16839\", \"CVE-2018-16840\", \"CVE-2018-16842\", \"CVE-2018-16890\", \"CVE-2018-20483\", \"CVE-2019-3822\", \"CVE-2019-3823\");\n script_xref(name:\"ALAS\", value:\"2019-1162\");\n\n script_name(english:\"Amazon Linux 2 : curl (ALAS-2019-1162)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libcurl is vulnerable to a heap buffer out-of-bounds read. The\nfunction handling incoming NTLM type-2 messages\n(`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate\nincoming data correctly and is subject to an integer overflow\nvulnerability. Using that overflow, a malicious or broken NTLM server\ncould trick libcurl to accept a bad length + offset combination that\nwould lead to a buffer read out-of-bounds.(CVE-2018-16890)\n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on\n32-bit platforms allows attackers to cause a denial of service\n(integer overflow and resultant buffer overflow, and application\ncrash) or possibly have unspecified other impact via vectors involving\nlong user and password fields.(CVE-2017-8816)\n\ncurl and libcurl before 7.57.0 on 32-bit platforms allow attackers to\ncause a denial of service (out-of-bounds access and application crash)\nor possibly have unspecified other impact because too little memory is\nallocated for interfacing to an SSL library.(CVE-2017-8818)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP.\nWhen libcurl connects to an FTP server and successfully logs in\n(anonymous or not), it asks the server for the current directory with\nthe `PWD` command. The server then responds with a 257 response\ncontaining the path, inside double quotes. The returned path name is\nthen kept by libcurl for subsequent uses. Due to a flaw in the string\nparser for this directory name, a directory name passed like this but\nwithout a closing double quote would lead to libcurl not adding a\ntrailing NUL byte to the buffer holding the name. When libcurl would\nthen later access the string, it could read beyond the allocated heap\nbuffer and crash or wrongly access data beyond the buffer, thinking it\nwas part of the path. 
A malicious server could abuse this fact and\neffectively prevent libcurl-based clients to work with it - the PWD\ncommand is always issued on new FTP connections and the mistake has a\nhigh chance of causing a segfault. The simple fact that this has issue\nremained undiscovered for this long could suggest that malformed PWD\nresponses are rare in benign servers. We are not aware of any exploit\nof this flaw. This bug was introduced in commit\n[415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March\n2005. In libcurl version 7.56.0, the parser always zero terminates the\nstring but also rejects it if not terminated properly with a final\ndouble quote.(CVE-2017-1000254)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based\nbuffer over-read in the tool_msgs.c:voutf() function that may result\nin information exposure and denial of service.(CVE-2018-16842)\n\nlibcurl is vulnerable to a stack-based buffer overflow. The function\ncreating an outgoing NTLM type-3 header\n(`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates\nthe request HTTP header contents based on previously received data.\nThe check that exists to prevent the local buffer from getting\noverflowed is implemented wrongly (using unsigned math) and as such it\ndoes not prevent the overflow from happening. This output data can\ngrow larger than the local buffer if very large 'nt response' data is\nextracted from a previous NTLMv2 header provided by the malicious or\nbroken HTTP server. Such a 'large value' needs to be around 1000 bytes\nor more. The actual payload data copied to the target buffer comes\nfrom the NTLMv2 type-2 response header.(CVE-2019-3822)\n\nlibcurl is vulnerable to a heap out-of-bounds read in the code\nhandling the end-of-response for SMTP. If the buffer passed to\n`smtp_endofresp()` isn't NUL terminated and contains no character\nending the parsed number, and `len` is set to 5, then the `strtol()`\ncall reads beyond the allocated buffer. 
The read contents will not be\nreturned to the caller.(CVE-2019-3823)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows\nremote attackers to cause a denial of service (out-of-bounds read and\napplication crash) or possibly have unspecified other impact via a\nstring that ends with an '[' character.(CVE-2017-8817)\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's\norigin URL in the user.xdg.origin.url metadata attribute of the\nextended attributes of the downloaded file, which allows local users\nto obtain sensitive information (e.g., credentials contained in the\nURL) by reading this attribute, as demonstrated by getfattr. This also\napplies to Referer information in the user.xdg.referrer.url metadata\nattribute. According to 2016-07-22 in the Wget ChangeLog,\nuser.xdg.origin.url was partially based on the behavior of\nfwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By\ntricking an unsuspecting user into connecting to a malicious IMAP\nserver, an attacker could exploit this flaw to potentially cause\ninformation disclosure or crash the application.(CVE-2017-1000257)\n\nA heap use-after-free flaw was found in curl versions from 7.59.0\nthrough 7.61.1 in the code related to closing an easy handle. 
When\nclosing and cleaning up an 'easy' handle in the `Curl_close()`\nfunction, the library code first frees a struct (without nulling the\npointer) and might then subsequently erroneously write to a struct\nfield within that already freed struct.(CVE-2018-16840)\n\nCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun\nin the SASL authentication code that may lead to denial of\nservice.(CVE-2018-16839)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1162.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"curl-7.61.1-9.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"curl-debuginfo-7.61.1-9.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libcurl-7.61.1-9.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libcurl-devel-7.61.1-9.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T13:26:22", "description": "The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. 
It is therefore, affected by multiple vulnerabilities affecting the following components :\n\n - apache\n - curl\n - IOAcceleratorFamily\n - IOKit\n - Kernel\n - OpenSSL\n - Screen Sharing Server", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-07T00:00:00", "type": "nessus", "title": "macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3735", "CVE-2017-7154", "CVE-2017-7158", "CVE-2017-7159", "CVE-2017-7162", "CVE-2017-7172", "CVE-2017-7173", "CVE-2017-9798", "CVE-2017-12837", "CVE-2017-13847", "CVE-2017-13855", "CVE-2017-13862", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13872", "CVE-2017-13904", "CVE-2017-15422", "CVE-2017-1000254"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOSX_SECUPD2017-005.NASL", "href": "https://www.tenable.com/plugins/nessus/105081", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105081);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-3735\",\n \"CVE-2017-7154\",\n \"CVE-2017-7158\",\n \"CVE-2017-7159\",\n \"CVE-2017-7162\",\n \"CVE-2017-7172\",\n \"CVE-2017-7173\",\n \"CVE-2017-9798\",\n \"CVE-2017-12837\",\n \"CVE-2017-13847\",\n \"CVE-2017-13855\",\n \"CVE-2017-13862\",\n \"CVE-2017-13867\",\n \"CVE-2017-13868\",\n \"CVE-2017-13869\",\n \"CVE-2017-13872\",\n \"CVE-2017-13904\",\n \"CVE-2017-15422\",\n \"CVE-2017-1000254\"\n );\n script_bugtraq_id(\n 100515,\n 100860,\n 100872,\n 101115,\n 101981,\n 102097,\n 102098,\n 102100,\n 103134,\n 103135\n );\n\n script_name(english:\"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)\");\n script_summary(english:\"Checks for the presence of Security Update 2017-002 / 2017-005.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update that\nfixes multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is\nmissing a security update. It is therefore, affected by multiple\nvulnerabilities affecting the following components :\n\n - apache\n - curl\n - IOAcceleratorFamily\n - IOKit\n - Kernel\n - OpenSSL\n - Screen Sharing Server\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208331\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2017-005 or later for 10.11.x or\nSecurity Update 2017-002 or later for 10.12.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7172\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mac OS X Root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item_or_exit(\"Host/MacOSX/Version\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11\\.6|12\\.6)([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.11.6 or Mac OS X 10.12.6\");\n\nif (\"10.11.6\" >< os)\n patch = \"2017-005\";\nelse\n patch = \"2017-002\";\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = pgrep(\n pattern:\"^com\\.apple\\.pkg\\.update\\.(security\\.|os\\.SecUpd).*bom$\",\n string:packages\n);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = pregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security 
update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:15:14", "description": "According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\n - It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8623)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8622)\n\n - It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. 
An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-5419)\n\n - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8624)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8621)\n\n - A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-9586)\n\n - The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '' character.(CVE-2017-8817)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8618)\n\n - It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-7141)\n\n - cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.(CVE-2014-0015)\n\n - The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.(CVE-2013-1944)\n\n - It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.(CVE-2014-8150)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8615)\n\n - The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.(CVE-2014-0138)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8617)\n\n - It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit.(CVE-2014-3613)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1944", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-3613", "CVE-2014-8150", "CVE-2016-5419", "CVE-2016-7141", "CVE-2016-8615", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-9586", "CVE-2017-1000257", "CVE-2017-8817", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1549.NASL", "href": "https://www.tenable.com/plugins/nessus/125002", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125002);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-1944\",\n \"CVE-2014-0015\",\n \"CVE-2014-0138\",\n \"CVE-2014-3613\",\n \"CVE-2014-8150\",\n \"CVE-2016-5419\",\n \"CVE-2016-7141\",\n \"CVE-2016-8615\",\n \"CVE-2016-8617\",\n \"CVE-2016-8618\",\n \"CVE-2016-8621\",\n \"CVE-2016-8622\",\n \"CVE-2016-8623\",\n \"CVE-2016-8624\",\n \"CVE-2016-9586\",\n \"CVE-2017-1000257\",\n \"CVE-2017-8817\",\n \"CVE-2018-1000120\",\n \"CVE-2018-1000121\",\n \"CVE-2018-1000122\"\n );\n script_bugtraq_id(\n 59058,\n 65270,\n 66457,\n 69748,\n 71964\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A NULL pointer dereference flaw was found in the way\n libcurl checks values returned by the openldap\n ldap_get_attribute_ber() function. A malicious LDAP\n server could use this flaw to crash a libcurl client\n application via a specially crafted LDAP\n reply.(CVE-2018-1000121)\n\n - It was found that libcurl did not safely parse FTP URLs\n when using the CURLOPT_FTP_FILEMETHOD method. An\n attacker, able to provide a specially crafted FTP URL\n to an application using libcurl, could write a NULL\n byte at an arbitrary location, resulting in a crash, or\n an unspecified behavior.(CVE-2018-1000120)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8623)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8622)\n\n - It was found that the libcurl library did not prevent\n TLS session resumption when the client certificate had\n changed. An attacker could potentially use this flaw to\n hijack the authentication of the connection by\n leveraging a previously created connection with a\n different client certificate.(CVE-2016-5419)\n\n - A buffer overrun flaw was found in the IMAP handler of\n libcurl. 
By tricking an unsuspecting user into\n connecting to a malicious IMAP server, an attacker\n could exploit this flaw to potentially cause\n information disclosure or crash the\n application.(CVE-2017-1000257)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8624)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8621)\n\n - A buffer over-read exists in curl 7.20.0 to and\n including curl 7.58.0 in the RTSP+RTP handling code\n that allows an attacker to cause a denial of service or\n information leakage(CVE-2018-1000122)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-9586)\n\n - The FTP wildcard function in curl and libcurl before\n 7.57.0 allows remote attackers to cause a denial of\n service (out-of-bounds read and application crash) or\n possibly have unspecified other impact via a string\n that ends with an '' character.(CVE-2017-8817)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8618)\n\n - It was found that the libcurl library using the NSS\n (Network Security Services) library as TLS/SSL backend\n incorrectly re-used client certificates for subsequent\n TLS connections in certain cases. 
An attacker could\n potentially use this flaw to hijack the authentication\n of the connection by leveraging a previously created\n connection with a different client\n certificate.(CVE-2016-7141)\n\n - cURL and libcurl 7.10.6 through 7.34.0, when more than\n one authentication method is enabled, re-uses NTLM\n connections, which might allow context-dependent\n attackers to authenticate as other users via a\n request.(CVE-2014-0015)\n\n - The tailMatch function in cookie.c in cURL and libcurl\n before 7.30.0 does not properly match the path domain\n when sending cookies, which allows remote attackers to\n steal cookies via a matching suffix in the domain of a\n URL.(CVE-2013-1944)\n\n - It was discovered that the libcurl library failed to\n properly handle URLs with embedded end-of-line\n characters. An attacker able to make an application\n using libcurl access a specially crafted URL via an\n HTTP proxy could use this flaw to inject additional\n headers to the request or construct additional\n requests.(CVE-2014-8150)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8615)\n\n - The default configuration in cURL and libcurl 7.10.6\n before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4)\n POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9)\n LDAP, and (10) LDAPS connections, which might allow\n context-dependent attackers to connect as other users\n via a request, a similar issue to\n CVE-2014-0015.(CVE-2014-0138)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. 
When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8617)\n\n - It was found that the libcurl library did not correctly\n handle partial literal IP addresses when parsing\n received HTTP cookies. An attacker able to trick a user\n into connecting to a malicious server could use this\n flaw to set the user's cookie to a crafted domain,\n making other cookie-related issues easier to\n exploit.(CVE-2014-3613)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1549\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a10efe7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h10\",\n \"libcurl-7.29.0-46.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:29:21", "description": "The remote host is affected by the vulnerability described 
in GLSA-201701-47 (cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers and bug reports referenced for details.\n Impact :\n\n Remote attackers could conduct a Man-in-the-Middle attack to obtain sensitive information, cause a Denial of Service condition, or execute arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "GLSA-201701-47 : cURL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8150", "CVE-2014-8151", "CVE-2016-0755", "CVE-2016-3739", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-9586", "CVE-2016-9594"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:curl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-47.NASL", "href": "https://www.tenable.com/plugins/nessus/96644", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-47.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96644);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8150\", \"CVE-2014-8151\", \"CVE-2016-0755\", \"CVE-2016-3739\", \"CVE-2016-5419\", \"CVE-2016-5420\", \"CVE-2016-5421\", \"CVE-2016-7141\", \"CVE-2016-7167\", \"CVE-2016-8615\", \"CVE-2016-8616\", \"CVE-2016-8617\", \"CVE-2016-8618\", \"CVE-2016-8619\", \"CVE-2016-8620\", \"CVE-2016-8621\", \"CVE-2016-8622\", \"CVE-2016-8623\", \"CVE-2016-8624\", \"CVE-2016-8625\", \"CVE-2016-9586\", \"CVE-2016-9594\");\n script_xref(name:\"GLSA\", value:\"201701-47\");\n\n script_name(english:\"GLSA-201701-47 : cURL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-47\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in cURL. 
Please review the\n CVE identifiers and bug reports referenced for details.\n \nImpact :\n\n Remote attackers could conduct a Man-in-the-Middle attack to obtain\n sensitive information, cause a Denial of Service condition, or execute\n arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-47\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All cURL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.52.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/curl\", 
unaffected:make_list(\"ge 7.52.1\"), vulnerable:make_list(\"lt 7.52.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cURL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:11", "description": "The remote host is running a version of macOS that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Apache\n - curl\n - Directory Utility\n - IOAcceleratorFamily\n - IOKit\n - Intel Graphics Driver\n - Kernel\n - Mail\n - Mail Drafts\n - OpenSSL\n - Screen Sharing Server\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-10T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5754", "CVE-2017-3735", "CVE-2017-9798", "CVE-2017-1000254", "CVE-2017-13871", "CVE-2017-13860", "CVE-2017-13833", "CVE-2017-13826", "CVE-2017-13847", "CVE-2017-7162", "CVE-2017-13862", "CVE-2017-13867", "CVE-2017-13876", "CVE-2017-13855", "CVE-2017-13865", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-7154", "CVE-2017-13872", "CVE-2017-13883", "CVE-2017-7155", "CVE-2017-7163", "CVE-2017-13878", "CVE-2017-13875", "CVE-2017-7159", "CVE-2017-13848", "CVE-2017-13858", "CVE-2017-7158", "CVE-2017-13844"], "modified": "2019-04-10T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "700513.PRM", "href": "https://www.tenable.com/plugins/nnm/700513", "sourceData": "Binary data 700513.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2022-03-27T15:53:38", "description": "The remote host is running Mac OS X 10.10.5, Mac OS X 10.11.6, or macOS 10.12.5 and is missing a security update. It is therefore, affected by multiple vulnerabilities :\n\n - An overflow condition exists in the curl component in the dprintf_formatf() function that is triggered when handling floating point conversion. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-9586)\n\n - A flaw exits in the curl component in the randit() function within file lib/rand.c due to improper initialization of the 32-bit random value, which is used, for example, to generate Digest and NTLM authentication nonces, resulting in weaker cryptographic operations than expected. (CVE-2016-9594)\n\n - A flaw exists in the curl component in the allocate_conn() function in lib/url.c when using the OCSP stapling feature for checking a X.509 certificate revocation status. The issue is triggered as the request option for OCSP stapling is not properly passed to the TLS library, resulting in no error being returned even when no proof of the validity of the certificate could be provided. A man-in-the-middle attacker can exploit this to provide a revoked certificate. (CVE-2017-2629)\n\n - A remote code execution vulnerability exists in the CoreAudio component due to improper validation of user-supplied input when handling movie files. An unauthenticated, remote attacker can exploit this, by convincing a user to play a specially crafted movie file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7008)\n\n - A memory corruption issue exists in the IOUSBFamily component due to improper validation of user-supplied input. 
A local attacker can exploit this, via a specially crafted application, to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2017-7009)\n\n - Multiple out-of-bounds read errors exist in the libxml2 component due to improper handling of specially crafted XML documents. An unauthenticated, remote attacker can exploit these to disclose user information.\n (CVE-2017-7010, CVE-2017-7013)\n\n - Multiple memory corruption issues exist in the Intel Graphics Driver component due to improper validation of input. A local attacker can exploit these issues to execute arbitrary code with elevated privileges.\n (CVE-2017-7014, CVE-2017-7017, CVE-2017-7035, CVE-2017-7044)\n\n - A remote code execution vulnerability exists in the Audio component due to improper validation of user-supplied input when handling audio files. An unauthenticated, remote attacker can exploit this, by convincing a user to play a specially crafted audio file, to execute arbitrary code. (CVE-2017-7015)\n\n - Multiple remote code execution vulnerabilities exist in the afclip component due to improper validation of user-supplied input when handling audio files. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to play a specially crafted audio file, to execute arbitrary code. (CVE-2017-7016, CVE-2017-7033)\n\n - A memory corruption issue exists in the AppleGraphicsPowerManagement component due to improper validation of input. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code with system privileges.\n (CVE-2017-7021)\n\n - Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with system privileges. 
(CVE-2017-7022, CVE-2017-7024, CVE-2017-7026)\n\n - Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with kernel privileges. (CVE-2017-7023, CVE-2017-7025, CVE-2017-7027, CVE-2017-7069)\n\n - Multiple unspecified flaws exist in the kernel due to a failure to properly sanitize input. A local attacker can exploit these issues, via a specially crafted application, to disclose restricted memory contents.\n (CVE-2017-7028, CVE-2017-7029, CVE-2017-7067)\n\n - A flaw exists in the Foundation component due to improper validation of input. A unauthenticated, remote attacker can exploit this, by convincing a user to open specially crafted file, to execute arbitrary code.\n (CVE-2017-7031)\n\n - A memory corruption issue exists in the 'kext tools' component due to improper validation of input. A local attacker can exploit this to execute arbitrary code with elevated privileges. (CVE-2017-7032)\n\n - Multiple unspecified flaws exist in the Intel Graphics Driver component due to a failure to properly sanitize input. A local attacker can exploit these issues, via a specially crafted application, to disclose restricted memory contents. (CVE-2017-7036, CVE-2017-7045)\n\n - A memory corruption issue exists in the libxpc component due to improper validation of input. A local attacker can exploit this issue, via a specifically crafted application, to cause a denial of service condition or the execution of arbitrary code with system privileges.\n (CVE-2017-7047)\n\n - Multiple memory corruption issues exist in the Bluetooth component due to improper validation of input.\n A local attacker can exploit these issues to execute arbitrary code with system privileges. (CVE-2017-7050, CVE-2017-7051)\n\n - A memory corruption issue exists in the Bluetooth component due to improper validation of input. 
A local attacker can exploit these issues to execute arbitrary code with system privileges. (CVE-2017-7054)\n\n - A buffer overflow condition exists in the Contacts component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7062)\n\n - A buffer overflow condition exists in the libarchive component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted archive file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7068)\n\n - A certificate validation bypass vulnerability exists in the curl component due to the program attempting to resume TLS sessions even if the client certificate fails. An unauthenticated, remote attacker can exploit this to bypass validation mechanisms. (CVE-2017-7468)\n\n - A memory corruption issue exists in the Broadcom BCM43xx family Wi-Fi Chips component that allows an unauthenticated, remote attacker to execute arbitrary code. 
(CVE-2017-9417)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-25T00:00:00", "type": "nessus", "title": "macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2016-9594", "CVE-2017-2629", "CVE-2017-7008", "CVE-2017-7009", "CVE-2017-7010", "CVE-2017-7013", "CVE-2017-7014", "CVE-2017-7015", "CVE-2017-7016", "CVE-2017-7017", "CVE-2017-7021", "CVE-2017-7022", "CVE-2017-7023", "CVE-2017-7024", "CVE-2017-7025", "CVE-2017-7026", "CVE-2017-7027", "CVE-2017-7028", "CVE-2017-7029", "CVE-2017-7031", "CVE-2017-7032", "CVE-2017-7033", "CVE-2017-7035", "CVE-2017-7036", "CVE-2017-7044", "CVE-2017-7045", "CVE-2017-7047", "CVE-2017-7050", "CVE-2017-7051", "CVE-2017-7054", "CVE-2017-7062", "CVE-2017-7067", "CVE-2017-7068", "CVE-2017-7069", "CVE-2017-7468", "CVE-2017-9417"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOSX_SECUPD2017-003.NASL", "href": "https://www.tenable.com/plugins/nessus/101957", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101957);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2016-9586\",\n \"CVE-2016-9594\",\n \"CVE-2017-2629\",\n \"CVE-2017-7008\",\n \"CVE-2017-7009\",\n \"CVE-2017-7010\",\n \"CVE-2017-7013\",\n \"CVE-2017-7014\",\n \"CVE-2017-7015\",\n \"CVE-2017-7016\",\n \"CVE-2017-7017\",\n \"CVE-2017-7021\",\n \"CVE-2017-7022\",\n \"CVE-2017-7023\",\n \"CVE-2017-7024\",\n \"CVE-2017-7025\",\n \"CVE-2017-7026\",\n \"CVE-2017-7027\",\n \"CVE-2017-7028\",\n \"CVE-2017-7029\",\n \"CVE-2017-7031\",\n \"CVE-2017-7032\",\n \"CVE-2017-7033\",\n \"CVE-2017-7035\",\n \"CVE-2017-7036\",\n \"CVE-2017-7044\",\n \"CVE-2017-7045\",\n \"CVE-2017-7047\",\n \"CVE-2017-7050\",\n \"CVE-2017-7051\",\n \"CVE-2017-7054\",\n \"CVE-2017-7062\",\n 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843328\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-11 09:57:05 +0200 (Wed, 11 Oct 2017)\");\n script_cve_id(\"CVE-2016-9586\", \"CVE-2017-1000100\", \"CVE-2017-1000101\",\n \"CVE-2017-1000254\", \"CVE-2017-7407\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for curl USN-3441-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Daniel Stenberg discovered that curl\n incorrectly handled large floating point output. A remote attacker could use\n this issue to cause curl to crash, resulting in a denial of service, or possibly\n execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n 16.04 LTS. (CVE-2016-9586) Even Rouault discovered that curl incorrectly handled\n large file names when doing TFTP transfers. A remote attacker could use this\n issue to cause curl to crash, resulting in a denial of service, or possibly\n obtain sensitive memory contents. (CVE-2017-1000100) Brian Carpenter and Yongji\n Ouyang discovered that curl incorrectly handled numerical range globbing. 
A\n remote attacker could use this issue to cause curl to crash, resulting in a\n denial of service, or possibly obtain sensitive memory contents.\n (CVE-2017-1000101) Max Dymond discovered that curl incorrectly handled FTP PWD\n responses. A remote attacker could use this issue to cause curl to crash,\n resulting in a denial of service. (CVE-2017-1000254) Brian Carpenter discovered\n that curl incorrectly handled the --write-out command line option. A local\n attacker could possibly use this issue to obtain sensitive memory contents.\n (CVE-2017-7407)\");\n script_tag(name:\"affected\", value:\"curl on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3441-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3441-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.35.0-1ubuntu2.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.35.0-1ubuntu2.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.35.0-1ubuntu2.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-4ubuntu1.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.52.1-4ubuntu1.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.52.1-4ubuntu1.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.52.1-4ubuntu1.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.52.1-4ubuntu1.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.52.1-4ubuntu1.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.52.1-4ubuntu1.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.47.0-1ubuntu2.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.47.0-1ubuntu2.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.47.0-1ubuntu2.3\", 
rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.47.0-1ubuntu2.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.47.0-1ubuntu2.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.47.0-1ubuntu2.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:53", "description": "Several vulnerabilities have been discovered in cURL, an URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2017-1000100\nEven Rouault reported that cURL does not properly handle long file\nnames when doing an TFTP upload. A malicious HTTP(S) server can take\nadvantage of this flaw by redirecting a client using the cURL\nlibrary to a crafted TFTP URL and trick it to send private memory\ncontents to a remote server over UDP.\n\nCVE-2017-1000101\nBrian Carpenter and Yongji Ouyang reported that cURL contains a flaw\nin the globbing function that parses the numerical range, leading to\nan out-of-bounds read when parsing a specially crafted URL.\n\nCVE-2017-1000254\nMax Dymond reported that cURL contains an out-of-bounds read flaw in\nthe FTP PWD response parser. 
A malicious server can take advantage\nof this flaw to effectively prevent a client using the cURL library\nto work with it, causing a denial of service.", "cvss3": {}, "published": "2017-10-06T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3992-1 (curl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000101", "CVE-2017-1000100"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703992", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703992", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3992.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3992-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703992\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2017-1000101\", \"CVE-2017-1000254\");\n script_name(\"Debian Security Advisory DSA 3992-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-06 00:00:00 +0200 (Fri, 06 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3992.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 7.38.0-4+deb8u6.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u1.\n\nWe recommend that you upgrade your curl packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in cURL, an URL transfer\nlibrary. 
The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2017-1000100\nEven Rouault reported that cURL does not properly handle long file\nnames when doing an TFTP upload. A malicious HTTP(S) server can take\nadvantage of this flaw by redirecting a client using the cURL\nlibrary to a crafted TFTP URL and trick it to send private memory\ncontents to a remote server over UDP.\n\nCVE-2017-1000101\nBrian Carpenter and Yongji Ouyang reported that cURL contains a flaw\nin the globbing function that parses the numerical range, leading to\nan out-of-bounds read when parsing a specially crafted URL.\n\nCVE-2017-1000254\nMax Dymond reported that cURL contains an out-of-bounds read flaw in\nthe FTP PWD response parser. A malicious server can take advantage\nof this flaw to effectively prevent a client using the cURL library\nto work with it, causing a denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", 
ver:\"7.52.1-5+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.38.0-4+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.38.0-4+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.38.0-4+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.38.0-4+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.38.0-4+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.38.0-4+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.38.0-4+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.38.0-4+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.38.0-4+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2017-f1ffd18079", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000101", "CVE-2017-1000100"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873268", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873268", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# 
$Id: gb_fedora_2017_f1ffd18079_curl_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2017-f1ffd18079\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873268\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-14 07:44:58 +0200 (Mon, 14 Aug 2017)\");\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2017-1000101\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2017-f1ffd18079\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 26\");\n script_tag(name:\"solution\", 
value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-f1ffd18079\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTKXXSSRRMP62652U6F2GUBQFOOFHLZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.53.1~10.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2017-f2df9d7772", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000101", "CVE-2017-1000100"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873264", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_f2df9d7772_curl_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2017-f2df9d7772\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873264\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-14 07:44:47 +0200 (Mon, 14 Aug 2017)\");\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2017-1000101\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2017-f2df9d7772\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-f2df9d7772\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPL37DFMX7KV4HFA7LZ7CXMGMTQWUKYG\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.51.0~9.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-28T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2016-edbb33ab2e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872189", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2016-edbb33ab2e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872189\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-28 06:04:08 +0100 (Wed, 28 Dec 2016)\");\n script_cve_id(\"CVE-2016-9586\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2016-edbb33ab2e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-edbb33ab2e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J7CZHLHC7T746MIDKL5UO2FVXW5H74I3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.51.0~4.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-01T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2016-86d2b5aefb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872211", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2016-86d2b5aefb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1163\");\n script_version(\"2020-01-23T11:33:23+0000\");\n script_cve_id(\"CVE-2017-1000100\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:33:23 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:33:23 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1163)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1163\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1163\");\n\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1163 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. 
Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.CVE-2017-1000100\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization 2.5.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h23\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h23\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:36:45", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1083)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000100"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191083", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 
2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1083\");\n script_version(\"2020-01-23T11:30:41+0000\");\n script_cve_id(\"CVE-2017-1000100\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:30:41 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:30:41 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1083)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1083\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1083\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1083 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When doing a TFTP transfer and 
curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization 2.5.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h23\", rls:\"EULEROSVIRT-2.5.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:09:27", "description": "CVE-2017-1000100\nWrong handling of very long filenames during TFTP might result in\ncurl sending more than buffer size.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for curl (DLA-1062-1)", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2017-1000100"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891062", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891062\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-1000100\");\n script_name(\"Debian LTS: Security Advisory for curl (DLA-1062-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00014.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH 
http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', this problem has been fixed in version\n7.26.0-1+wheezy20.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2017-1000100\nWrong handling of very long filenames during TFTP might result in\ncurl sending more than buffer size.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.26.0-1+wheezy20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.26.0-1+wheezy20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.26.0-1+wheezy20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.26.0-1+wheezy20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy20\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy20\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, 
{"lastseen": "2019-07-17T14:22:48", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-11-02T00:00:00", "type": "openvas", "title": "Apple MacOSX Multiple Vulnerabilities HT208221", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13080", "CVE-2017-13078", "CVE-2017-13804", "CVE-2017-1000101", "CVE-2017-1000100", "CVE-2017-13077", "CVE-2017-13801"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310811959", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811959", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple MacOSX Multiple Vulnerabilities HT208221\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811959\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2017-1000101\", \"CVE-2017-13801\",\n \"CVE-2017-13804\", \"CVE-2017-13077\", \"CVE-2017-13078\",\n \"CVE-2017-13080\");\n script_bugtraq_id(100249, 101274);\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 12:40:42 +0530 (Thu, 02 Nov 2017)\");\n script_name(\"Apple MacOSX Multiple Vulnerabilities HT208221\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A logic issue existed in the handling of state transitions.\n\n - A path handling issue.\n\n - A validation issue existed which allowed local file access.\n\n - An out-of-bounds read.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code with system privileges and disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.13, 10.12.x\n through 10.12.6, 10.11.x through 10.11.6\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.13.1 or apply the appropriate patch.\");\n\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208221\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.1[1-3]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[1-3]\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\n# if 10.11.x before 10.11.6 is running, update to 10.11.6 first and then apply patch\n# if 10.12.x before 10.12.6 is running, update to 10.12.6 first and then apply patch\nif(osVer =~ \"^10\\.1[12]\")\n{\n if(version_in_range(version:osVer, test_version:\"10.11\", test_version2:\"10.11.5\") ||\n version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.11.6\" || osVer == \"10.12.6\")\n {\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n # applying patch on 10.11.6 will upgrade build version to 15G17023\n # http://www.insanelymac.com/forum/topic/306535-nvidia-web-driver-updates-for-el-capitan-update-07212017/page-35\n # applying patch on 10.12.6 will upgrade build version to 16G1036\n # http://www.xlr8yourmac.com/index.html#MacNvidiaDriverUpdates\n if(buildVer)\n {\n if((osVer == \"10.11.6\" && version_is_less(version:buildVer, test_version:\"15G17023\")) ||\n (osVer == \"10.12.6\" && version_is_less(version:buildVer, test_version:\"16G1036\")))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n }\n}\n\nelse if(osVer == \"10.13\"){\n 
fix = \"10.13.1\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:03", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1330)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2017-8817", "CVE-2018-1000122", "CVE-2017-1000254", "CVE-2016-9586", "CVE-2018-1000301"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181330", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1330\");\n script_version(\"2020-01-23T13:52:22+0000\");\n script_cve_id(\"CVE-2016-9586\", \"CVE-2017-1000254\", \"CVE-2017-8817\", \"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:52:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:21:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1330)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1330\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1330\");\n script_xref(name:\"URL\", value:\"https://github.com/curl/curl/commit/415d2e7cb7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1330 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that libcurl did not safely parse FTP URLs when using the 
CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\nA NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2018-1000301)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2016-9586)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. 
When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](see references), March 2005. In libcurl version 7.56 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h7\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:41:29", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9586", "CVE-2018-1000301"], "modified": 
"2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181202", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1202\");\n script_version(\"2020-01-23T11:17:19+0000\");\n script_cve_id(\"CVE-2016-9586\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:17:19 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:17:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1202)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", 
re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1202\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1202\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1202 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"curl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2018-1000301)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2016-9586)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report 
+= res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:46", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1401)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000007", "CVE-2017-1000100"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181401", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1401\");\n script_version(\"2020-01-23T11:24:53+0000\");\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2018-1000007\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:24:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:24:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1401)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1401\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1401\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1401 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. 
This could leak authentication token to external entities.(CVE-2018-1000007)\n\nWhen doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h22\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h22\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h22\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:39:36", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000007", "CVE-2017-1000100"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181427", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1427\");\n script_version(\"2020-01-23T11:26:08+0000\");\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2018-1000007\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:26:08 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:26:08 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1427)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1427\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1427\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1427 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. 
This could leak authentication token to external entities.(CVE-2018-1000007)\n\nWhen doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h22\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h22\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h22\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:37:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1206)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000007", "CVE-2017-1000100"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191206", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191206", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1206\");\n script_version(\"2020-01-23T11:34:45+0000\");\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2018-1000007\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:34:45 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:34:45 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1206)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.4\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1206\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1206\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1206 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated 
length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.CVE-2017-1000100\n\nIt was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities.CVE-2018-1000007\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization 2.5.4.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.4\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h7\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h7\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:36:39", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory 
for curl (EulerOS-SA-2019-1002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000007", "CVE-2017-1000100"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191002", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191002", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1002\");\n script_version(\"2020-01-23T11:26:52+0000\");\n script_cve_id(\"CVE-2017-1000100\", \"CVE-2018-1000007\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:26:52 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:26:52 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1002)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n 
script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1002\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1002\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1002 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities.(CVE-2018-1000007)\n\nWhen doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. 
Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h7.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h7.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~46.h7.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:33:04", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1665)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7407", "CVE-2016-0755", "CVE-2014-0015", "CVE-2018-16842"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191665", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: 
GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1665\");\n script_version(\"2020-01-23T12:19:22+0000\");\n script_cve_id(\"CVE-2016-0755\", \"CVE-2017-7407\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:19:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:19:22 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1665)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1665\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1665\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) 
announced via the EulerOS-SA-2019-1665 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\nThe ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h13.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h13.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~46.h13.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-27T18:36:38", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1550)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5420", "CVE-2016-8616", "CVE-2016-8619", "CVE-2017-1000254", "CVE-2018-1000007", "CVE-2014-3707", "CVE-2017-1000100", "CVE-2013-2174", "CVE-2015-3143", "CVE-2016-7167", "CVE-2018-1000301", "CVE-2015-3148"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191550", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1550\");\n script_version(\"2020-01-23T13:52:22+0000\");\n script_cve_id(\"CVE-2013-2174\", \"CVE-2014-3707\", \"CVE-2015-3143\", \"CVE-2015-3148\", \"CVE-2016-5420\", \"CVE-2016-7167\", \"CVE-2016-8616\", \"CVE-2016-8619\", \"CVE-2017-1000100\", \"CVE-2017-1000254\", \"CVE-2018-1000007\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:52:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:12:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1550)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1550\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1550\");\n script_xref(name:\"URL\", value:\"https://github.com/curl/curl/commit/415d2e7cb7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1550 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content..(CVE-2018-1000301)\n\nIt was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-5420)\n\nIt was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.(CVE-2015-3143)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. 
"CVE-2017-8817", "CVE-2016-8617", "CVE-2018-1000122", "CVE-2013-1944", "CVE-2016-8622", "CVE-2017-1000257", "CVE-2014-0015", "CVE-2016-8624", "CVE-2016-9586", "CVE-2016-5419", "CVE-2014-0138", "CVE-2016-8621"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191549", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191549", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1549\");\n script_version(\"2020-01-23T14:23:06+0000\");\n script_cve_id(\"CVE-2013-1944\", \"CVE-2014-0015\", \"CVE-2014-0138\", \"CVE-2014-3613\", \"CVE-2014-8150\", \"CVE-2016-5419\", \"CVE-2016-7141\", \"CVE-2016-8615\", \"CVE-2016-8617\", \"CVE-2016-8618\", \"CVE-2016-8621\", \"CVE-2016-8622\", \"CVE-2016-8623\", \"CVE-2016-8624\", \"CVE-2016-9586\", \"CVE-2017-1000257\", \"CVE-2017-8817\", \"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:23:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:12:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1549)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1549\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1549\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1549 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\nIt was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\nA flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.(CVE-2016-8623)\n\nThe URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.(CVE-2016-8622)\n\nIt was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-5419)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. 
By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\ncurl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.(CVE-2016-8624)\n\nThe `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.(CVE-2016-8621)\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\ncurl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.(CVE-2016-9586)\n\nThe FTP wildcard function in curl and libcurl before 7.57. ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h10\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h10\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:18:49", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-07-20T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-HT207922", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7045", "CVE-2017-7016", "CVE-2017-7062", "CVE-2017-7054", "CVE-2017-7008", "CVE-2017-7035", "CVE-2017-7026", "CVE-2017-7017", "CVE-2017-7014", "CVE-2017-2629", "CVE-2016-9594", "CVE-2017-7036", "CVE-2017-9417", "CVE-2017-7033", "CVE-2017-7015", "CVE-2017-7044", "CVE-2017-7025", "CVE-2017-7069", "CVE-2016-9586", "CVE-2017-7050", "CVE-2017-7468", "CVE-2017-7068", "CVE-2017-7027"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310811536", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811536", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-HT207922\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811536\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2017-7016\", \"CVE-2017-7033\", \"CVE-2017-7015\", \"CVE-2017-7050\",\n \"CVE-2017-7054\", \"CVE-2017-7062\", \"CVE-2017-7008\", \"CVE-2016-9586\",\n \"CVE-2016-9594\", \"CVE-2017-2629\", \"CVE-2017-7468\", \"CVE-2017-7014\",\n \"CVE-2017-7017\", \"CVE-2017-7035\", \"CVE-2017-7044\", \"CVE-2017-7036\",\n \"CVE-2017-7045\", \"CVE-2017-7025\", \"CVE-2017-7027\", \"CVE-2017-7069\",\n \"CVE-2017-7026\", \"CVE-2017-7068\", \"CVE-2017-9417\");\n script_bugtraq_id(99882, 99883, 99880, 95019, 95094, 96382, 97962, 99482);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-20 12:23:38 +0530 (Thu, 20 Jul 2017)\");\n script_name(\"Apple Mac OS X Multiple 
Vulnerabilities-HT207922\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A buffer overflow error.\n\n - Multiple input validation issues.\n\n - Multiple issues in curl.\n\n - An input validation issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to obtain sensitive information, gain extra privileges and execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x before\n 10.12.6\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.12.6 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207922\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.12\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName && osVer =~ \"^10\\.12\")\n{\n if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.12.6\");\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:06:09", "description": "Daniel 
Stenberg discovered that curl incorrectly handled large floating \npoint output. A remote attacker could use this issue to cause curl to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n(CVE-2016-9586)\n\nEven Rouault discovered that curl incorrectly handled large file names when \ndoing TFTP transfers. A remote attacker could use this issue to cause curl \nto crash, resulting in a denial of service, or possibly obtain sensitive \nmemory contents. (CVE-2017-1000100)\n\nBrian Carpenter and Yongji Ouyang discovered that curl incorrectly handled \nnumerical range globbing. A remote attacker could use this issue to cause \ncurl to crash, resulting in a denial of service, or possibly obtain \nsensitive memory contents. (CVE-2017-1000101)\n\nMax Dymond discovered that curl incorrectly handled FTP PWD responses. A \nremote attacker could use this issue to cause curl to crash, resulting in a \ndenial of service. (CVE-2017-1000254)\n\nBrian Carpenter discovered that curl incorrectly handled the --write-out \ncommand line option. A local attacker could possibly use this issue to \nobtain sensitive memory contents. 
(CVE-2017-7407)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-10T00:00:00", "type": "ubuntu", "title": "curl vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000100", "CVE-2016-9586", "CVE-2017-1000101", "CVE-2017-7407"], "modified": "2017-10-10T00:00:00", "id": "USN-3441-1", "href": "https://ubuntu.com/security/notices/USN-3441-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:05:27", "description": "USN-3441-1 fixed several vulnerabilities in curl. This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nDaniel Stenberg discovered that curl incorrectly handled large floating \npoint output. A remote attacker could use this issue to cause curl to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2016-9586)\n\nEven Rouault discovered that curl incorrectly handled large file names when \ndoing TFTP transfers. 
A remote attacker could use this issue to cause curl \nto crash, resulting in a denial of service, or possibly obtain sensitive \nmemory contents. (CVE-2017-1000100)\n\nBrian Carpenter and Yongji Ouyang discovered that curl incorrectly handled \nnumerical range globbing. A remote attacker could use this issue to cause \ncurl to crash, resulting in a denial of service, or possibly obtain \nsensitive memory contents. (CVE-2017-1000101)\n\nMax Dymond discovered that curl incorrectly handled FTP PWD responses. A \nremote attacker could use this issue to cause curl to crash, resulting in a \ndenial of service. (CVE-2017-1000254)\n\nBrian Carpenter discovered that curl incorrectly handled IMAP FETCH \nresponse lines. A remote attacker could use this issue to cause curl to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode.(CVE-2017-1000257)\n\nBrian Carpenter discovered that curl incorrectly handled the --write-out \ncommand line option. A local attacker could possibly use this issue to \nobtain sensitive memory contents. 
(CVE-2017-7407)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-10-23T00:00:00", "type": "ubuntu", "title": "curl vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000254", "CVE-2017-1000257", "CVE-2016-9586", "CVE-2017-1000101", "CVE-2017-7407", "CVE-2017-1000100"], "modified": "2017-10-23T00:00:00", "id": "USN-3441-2", "href": "https://ubuntu.com/security/notices/USN-3441-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T21:53:57", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3992-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 06, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254\nDebian Bug : 871554 871555 877671\n\nSeveral vulnerabilities have been discovered in cURL, an URL transfer\nlibrary. 
The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2017-1000100\n\n Even Rouault reported that cURL does not properly handle long file\n names when doing an TFTP upload. A malicious HTTP(S) server can take\n advantage of this flaw by redirecting a client using the cURL\n library to a crafted TFTP URL and trick it to send private memory\n contents to a remote server over UDP.\n\nCVE-2017-1000101\n\n Brian Carpenter and Yongji Ouyang reported that cURL contains a flaw\n in the globbing function that parses the numerical range, leading to\n an out-of-bounds read when parsing a specially crafted URL.\n\nCVE-2017-1000254\n\n Max Dymond reported that cURL contains an out-of-bounds read flaw in\n the FTP PWD response parser. A malicious server can take advantage\n of this flaw to effectively prevent a client using the cURL library\n to work with it, causing a denial of service.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 7.38.0-4+deb8u6.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u1.\n\nWe recommend that you upgrade your curl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-06T20:43:43", "type": "debian", "title": "[SECURITY] [DSA 3992-1] curl security update", "bulletinFamily": "unix", "cvss2": 
{"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254"], "modified": "2017-10-06T20:43:43", "id": "DEBIAN:DSA-3992-1:192C5", "href": "https://lists.debian.org/debian-security-announce/2017/msg00254.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}