ID CVE-2013-2174 Type cve Reporter cve@mitre.org Modified 2019-04-22T17:48:00
Description
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
{"slackware": [{"lastseen": "2019-05-30T07:36:41", "bulletinFamily": "unix", "description": "New curl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,\n14.0, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/curl-7.29.0-i486-3_slack14.0.txz: Rebuilt.\n This fixes a minor security issue where a decode buffer boundary flaw in\n libcurl could lead to heap corruption.\n For more information, see:\n http://curl.haxx.se/docs/adv_20130622.html\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/curl-7.16.2-i486-4_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/curl-7.19.6-i486-2_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.19.6-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.19.6-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.20.1-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.20.1-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.21.4-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.21.4-x86_64-2_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.29.0-i486-3_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.29.0-x86_64-3_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.31.0-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.31.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\n039f86b776fa836abe4f4153329bf4ab curl-7.16.2-i486-4_slack12.1.tgz\n\nSlackware 12.2 package:\n4cd279f928fa4e261f7b25cd5623ca1f curl-7.19.6-i486-2_slack12.2.tgz\n\nSlackware 13.0 package:\n271bb8f3842426959bd8dc62c9f91513 curl-7.19.6-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nb480f2128bf50e14a8943909b6aae236 curl-7.19.6-x86_64-2_slack13.0.txz\n\nSlackware 13.1 package:\ndc472f71102bec4454ee8cb9e01ab5ca curl-7.20.1-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n156aaad5fe806e6fdf8c2d01cf9a8f9d curl-7.20.1-x86_64-2_slack13.1.txz\n\nSlackware 13.37 package:\na52a03c063bf8e7fec021fbfb0bee2d7 curl-7.21.4-i486-2_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n555ac66549322d731bf1e9940a145584 curl-7.21.4-x86_64-2_slack13.37.txz\n\nSlackware 14.0 package:\n4073372f0426b39c992f370b72638f4b curl-7.29.0-i486-3_slack14.0.txz\n\nSlackware x86_64 14.0 package:\na1580d839db13701f8775e77eeb4920b curl-7.29.0-x86_64-3_slack14.0.txz\n\nSlackware -current package:\n4ba53a308a7cf0545a1ecff82f216e20 n/curl-7.31.0-i486-1.txz\n\nSlackware x86_64 -current package:\nce783176b2c2e1bc117917ceb4fbfbdf n/curl-7.31.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg curl-7.29.0-i486-3_slack14.0.txz", "modified": "2013-06-23T15:07:06", "published": "2013-06-23T15:07:06", "id": "SSA-2013-174-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.499592", "title": "curl", "type": "slackware", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "unix", "description": "[7.19.7-37]\n- fix heap-based buffer overflow in curl_easy_unescape() (CVE-2013-2174)", "modified": "2013-06-25T00:00:00", "published": "2013-06-25T00:00:00", "id": "ELSA-2013-0983", "href": "http://linux.oracle.com/errata/ELSA-2013-0983.html", "title": "curl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:41:37", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 60737\r\nCVE(CAN) ID: CVE-2013-2174\r\n\r\ncURL\u662f\u547d\u4ee4\u884c\u4f20\u8f93\u6587\u4ef6\u5de5\u5177\uff0c\u652f\u6301FTP\u3001FTPS\u3001HTTP\u3001HTTPS\u3001GOPHER\u3001TELNET\u3001DICT\u3001FILE\u548cLDAP\u3002\r\n\r\ncURL 7.7 - 7.30.0\u7248\u672c\u5185\u7684\u51fd\u6570"curl_easy_unescape()"(lib/escape.c)\u5c06URL\u7f16\u7801\u7684\u5b57\u7b26\u4e32\u89e3\u7801\u4e3a\u539f\u59cb\u4e8c\u8fdb\u5236\u6570\u636e\u65f6\u51fa\u73b0\u8fb9\u754c\u9519\u8bef\uff0c\u6b64\u6f0f\u6d1e\u53ef\u88ab\u5229\u7528\u9020\u6210\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\n0\ncURL 7.x\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n\u5efa\u8bae\u60a8\u91c7\u53d6\u4ee5\u4e0b\u63aa\u65bd\u4ee5\u964d\u4f4e\u5a01\u80c1\uff1a\r\n\r\n* \u5347\u7ea7\u5230curl/libcurl 7.31.0\r\n\r\n* \u5e94\u7528\u8865\u4e01\uff0c\u91cd\u5efalibcurl\r\n\r\n http://curl.haxx.se/libcurl-unescape.patch\r\n\r\n* \u590d\u6838curl_easy_unescape()\uff0c\u6216\u4e0d\u4f7f\u7528\u6b64\u51fd\u6570\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\ncURL\r\n----\r\ncURL\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08adv_20130622\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nadv_20130622\uff1alibcurl URL decode buffer boundary flaw\r\n\u94fe\u63a5\uff1ahttp://curl.haxx.se/docs/adv_20130622.html\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1ahttp://curl.haxx.se/libcurl-unescape.patch", "modified": "2013-06-26T00:00:00", "published": "2013-06-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60852", "id": "SSV:60852", "title": "cURL/libcURL 'curl_easy_unescape()'\u5806\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:180\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : curl\r\n Date : June 27, 2013\r\n Affected: Business Server 1.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in curl:\r\n \r\n libcurl is vulnerable to a case of bad checking of the input data\r\n which may lead to heap corruption. The function curl_easy_unescape()\r\n decodes URL encoded strings to raw binary data. URL encoded octets are\r\n represented with \%HH combinations where HH is a two-digit hexadecimal\r\n number. The decoded string is written to an allocated memory area\r\n that the function returns to the caller (CVE-2013-2174).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174\r\n http://curl.haxx.se/docs/adv_20130622.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n b67f07d5bfef732e46c73127186a4bc3 mes5/i586/curl-7.19.0-2.7mdvmes5.2.i586.rpm\r\n 6a067acb5315f6bd23307fda4da508ad mes5/i586/curl-examples-7.19.0-2.7mdvmes5.2.i586.rpm\r\n a7c6c2f0a0cd1060b8a7a1ebc58fabaa mes5/i586/libcurl4-7.19.0-2.7mdvmes5.2.i586.rpm\r\n 69558e117e489d890a0c316ee65f5af5 mes5/i586/libcurl-devel-7.19.0-2.7mdvmes5.2.i586.rpm \r\n f9d1dffcfdfba6f5bf562367c855cdbd mes5/SRPMS/curl-7.19.0-2.7mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 84136245be8d68485b44098b13978e2b mes5/x86_64/curl-7.19.0-2.7mdvmes5.2.x86_64.rpm\r\n 0ad99a19f59cc109d3d54690360e3e14 mes5/x86_64/curl-examples-7.19.0-2.7mdvmes5.2.x86_64.rpm\r\n 10b8613b86eee782dc3cf3b2c636054a mes5/x86_64/lib64curl4-7.19.0-2.7mdvmes5.2.x86_64.rpm\r\n 5ce1e7e7564ed6f4d54cb9aba9a0c25c mes5/x86_64/lib64curl-devel-7.19.0-2.7mdvmes5.2.x86_64.rpm \r\n f9d1dffcfdfba6f5bf562367c855cdbd mes5/SRPMS/curl-7.19.0-2.7mdvmes5.2.src.rpm\r\n\r\n Mandriva Business Server 1/X86_64:\r\n a058a7d1693791161fb8df94484242a3 mbs1/x86_64/curl-7.24.0-2.2.mbs1.x86_64.rpm\r\n e5a95ff0b6e939678e03899d93b3bf4c mbs1/x86_64/curl-examples-7.24.0-2.2.mbs1.x86_64.rpm\r\n 44eef308df01e82fb67ef420cef9a52d mbs1/x86_64/lib64curl4-7.24.0-2.2.mbs1.x86_64.rpm\r\n 6f1e301a381d5ffc7cf8380918ab34ee mbs1/x86_64/lib64curl-devel-7.24.0-2.2.mbs1.x86_64.rpm \r\n d51e83363cf2bf8586137e2ec60c4f96 mbs1/SRPMS/curl-7.24.0-2.2.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFRy/9rmqjQ0CJFipgRAoECAJ91OymO0S93QW+5QBG4UkmauzlJjwCgqBTJ\r\n68iHiQwidCQQHiHxidA3BTs=\r\n=oJLi\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-07-01T00:00:00", "published": "2013-07-01T00:00:00", "id": "SECURITYVULNS:DOC:29487", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29487", "title": "[ MDVSA-2013:180 ] curl", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "description": "Uninitialized memory access in curl_easy_unescape()", "modified": "2013-07-01T00:00:00", "published": "2013-07-01T00:00:00", "id": "SECURITYVULNS:VULN:13144", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13144", "title": "libcurl uninitialized memory reference", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-25T10:51:37", "bulletinFamily": "scanner", "description": "Check for the Version of curl", "modified": "2017-07-10T00:00:00", "published": "2013-06-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881754", "id": "OPENVAS:881754", "title": "CentOS Update for curl CESA-2013:0983 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for curl CESA-2013:0983 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"cURL provides the libcurl library and a command line tool for downloading\n files from servers using various protocols, including HTTP, FTP, and LDAP.\n\n A heap-based buffer overflow flaw was found in the way libcurl unescaped\n URLs. A remote attacker could provide a specially-crafted URL that, when\n processed by an application using libcurl that handles untrusted URLs,\n would possibly cause it to crash or, potentially, execute arbitrary code.\n (CVE-2013-2174)\n\n Red Hat would like to thank the cURL project for reporting this issue.\n Upstream acknowledges Timo Sirainen as the original reporter.\n\n Users of curl should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications using\n libcurl must be restarted for the update to take effect.\";\n\n\ntag_affected = \"curl on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881754);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:58:15 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for curl CESA-2013:0983 centos5 \");\n\n script_xref(name: \"CESA\", value: \"2013:0983\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-June/019815.html\");\n script_summary(\"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.15.5~17.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-devel\", rpm:\"curl-devel~7.15.5~17.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-06-27T00:00:00", "id": "OPENVAS:1361412562310871013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871013", "title": "RedHat Update for curl RHSA-2013:0983-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for curl RHSA-2013:0983-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871013\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:56:45 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for curl RHSA-2013:0983-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:0983-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-June/msg00023.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"curl on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"cURL provides the libcurl library and a command line tool for downloading\n files from servers using various protocols, including HTTP, FTP, and LDAP.\n\n A heap-based buffer overflow flaw was found in the way libcurl unescaped\n URLs. A remote attacker could provide a specially-crafted URL that, when\n processed by an application using libcurl that handles untrusted URLs,\n would possibly cause it to crash or, potentially, execute arbitrary code.\n (CVE-2013-2174)\n\n Red Hat would like to thank the cURL project for reporting this issue.\n Upstream acknowledges Timo Sirainen as the original reporter.\n\n Users of curl should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications using\n libcurl must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.19.7~37.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.19.7~37.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.19.7~37.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.19.7~37.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.15.5~17.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.15.5~17.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-devel\", rpm:\"curl-devel~7.15.5~17.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-06-27T00:00:00", "id": "OPENVAS:1361412562310881754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881754", "title": "CentOS Update for curl CESA-2013:0983 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for curl CESA-2013:0983 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881754\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:58:15 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for curl CESA-2013:0983 centos5\");\n\n script_xref(name:\"CESA\", value:\"2013:0983\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-June/019815.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"curl on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"cURL provides the libcurl library and a command line tool for downloading\n files from servers using various protocols, including HTTP, FTP, and LDAP.\n\n A heap-based buffer overflow flaw was found in the way libcurl unescaped\n URLs. A remote attacker could provide a specially-crafted URL that, when\n processed by an application using libcurl that handles untrusted URLs,\n would possibly cause it to crash or, potentially, execute arbitrary code.\n (CVE-2013-2174)\n\n Red Hat would like to thank the cURL project for reporting this issue.\n Upstream acknowledges Timo Sirainen as the original reporter.\n\n Users of curl should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications using\n libcurl must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.15.5~17.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-devel\", rpm:\"curl-devel~7.15.5~17.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:57", "bulletinFamily": "scanner", "description": "Timo Sirainen discovered that cURL, an URL transfer library, is prone to\na heap overflow vulnerability due to bad checking of the input data in\nthe curl_easy_unescape function.\n\nThe curl command line tool is not affected by this problem as it doesn't\nuse the curl_easy_unescape function.", "modified": "2017-07-07T00:00:00", "published": "2013-06-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892713", "id": "OPENVAS:892713", "title": "Debian Security Advisory DSA 2713-1 (curl - heap overflow)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2713.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2713-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"curl on Debian Linux\";\ntag_insight = \"curl is a client to get files from servers using any of the supported\nprotocols. The command is designed to work without user interaction\nor any kind of interactivity.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze4.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.31.0-1.\n\nWe recommend that you upgrade your curl packages.\";\ntag_summary = \"Timo Sirainen discovered that cURL, an URL transfer library, is prone to\na heap overflow vulnerability due to bad checking of the input data in\nthe curl_easy_unescape function.\n\nThe curl command line tool is not affected by this problem as it doesn't\nuse the curl_easy_unescape function.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892713);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-2174\");\n script_name(\"Debian Security Advisory DSA 2713-1 (curl - heap overflow)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-06-24 00:00:00 +0200 (Mon, 24 Jun 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2713.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:09:39", "bulletinFamily": "scanner", "description": "Check for the Version of curl", "modified": "2018-01-22T00:00:00", "published": "2013-06-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871013", "id": "OPENVAS:871013", "title": "RedHat Update for curl RHSA-2013:0983-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for curl RHSA-2013:0983-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"cURL provides the libcurl library and a command line tool for downloading\n files from servers using various protocols, including HTTP, FTP, and LDAP.\n\n A heap-based buffer overflow flaw was found in the way libcurl unescaped\n URLs. A remote attacker could provide a specially-crafted URL that, when\n processed by an application using libcurl that handles untrusted URLs,\n would possibly cause it to crash or, potentially, execute arbitrary code.\n (CVE-2013-2174)\n\n Red Hat would like to thank the cURL project for reporting this issue.\n Upstream acknowledges Timo Sirainen as the original reporter.\n\n Users of curl should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications using\n libcurl must be restarted for the update to take effect.\";\n\n\ntag_affected = \"curl on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(871013);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:56:45 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for curl RHSA-2013:0983-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0983-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-June/msg00023.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.19.7~37.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.19.7~37.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.19.7~37.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.19.7~37.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.15.5~17.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.15.5~17.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-devel\", rpm:\"curl-devel~7.15.5~17.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:03", "bulletinFamily": "scanner", "description": "Timo Sirainen discovered that cURL, an URL transfer library, is prone to\na heap overflow vulnerability due to bad checking of the input data in\nthe curl_easy_unescape function.\n\nThe curl command line tool is not affected by this problem as it doesn", "modified": "2019-03-18T00:00:00", "published": "2013-06-24T00:00:00", "id": "OPENVAS:1361412562310892713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892713", "title": "Debian Security Advisory DSA 2713-1 (curl - heap overflow)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2713.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2713-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892713\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-2174\");\n script_name(\"Debian Security Advisory DSA 2713-1 (curl - heap overflow)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-24 00:00:00 +0200 (Mon, 24 Jun 2013)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2713.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze4.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.31.0-1.\n\nWe recommend that you upgrade your curl packages.\");\n script_tag(name:\"summary\", value:\"Timo Sirainen discovered that cURL, an URL transfer library, is prone to\na heap overflow vulnerability due to bad checking of the input data in\nthe curl_easy_unescape function.\n\nThe curl command line tool is not affected by this problem as it doesn't\nuse the curl_easy_unescape function.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.21.0-2.1+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:09:03", "bulletinFamily": "scanner", "description": "Check for the Version of curl", "modified": "2018-01-17T00:00:00", "published": "2013-06-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881758", "id": "OPENVAS:881758", "title": "CentOS Update for curl CESA-2013:0983 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for curl CESA-2013:0983 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"cURL provides the libcurl library and a command line tool for downloading\n files from servers using various protocols, including HTTP, FTP, and LDAP.\n\n A heap-based buffer overflow flaw was found in the way libcurl unescaped\n URLs. A remote attacker could provide a specially-crafted URL that, when\n processed by an application using libcurl that handles untrusted URLs,\n would possibly cause it to crash or, potentially, execute arbitrary code.\n (CVE-2013-2174)\n\n Red Hat would like to thank the cURL project for reporting this issue.\n Upstream acknowledges Timo Sirainen as the original reporter.\n\n Users of curl should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications using\n libcurl must be restarted for the update to take effect.\";\n\n\ntag_affected = \"curl on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881758);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:59:47 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for curl CESA-2013:0983 centos6 \");\n\n script_xref(name: \"CESA\", value: \"2013:0983\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-June/019810.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.19.7~37.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.19.7~37.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.19.7~37.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:1361412562310841498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841498", "title": "Ubuntu Update for curl USN-1894-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1894_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for curl USN-1894-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841498\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 13:18:07 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for curl USN-1894-1\");\n\n script_xref(name:\"USN\", value:\"1894-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1894-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS|12\\.10|13\\.04)\");\n script_tag(name:\"affected\", value:\"curl on Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Timo Sirainen discovered that libcurl incorrectly handled memory when\n parsing URL encoded strings. An attacker could possibly use this issue to\n cause libcurl to crash, leading to a denial of service, or execute\n arbitrary code.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.22.0-3ubuntu4.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.22.0-3ubuntu4.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.22.0-3ubuntu4.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.19.7-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.19.7-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.27.0-1ubuntu1.3\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.27.0-1ubuntu1.3\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.27.0-1ubuntu1.3\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.29.0-1ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.29.0-1ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.29.0-1ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-06-27T00:00:00", "id": "OPENVAS:1361412562310881758", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881758", "title": "CentOS Update for curl CESA-2013:0983 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for curl CESA-2013:0983 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881758\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-27 09:59:47 +0530 (Thu, 27 Jun 2013)\");\n script_cve_id(\"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for curl CESA-2013:0983 centos6\");\n\n script_xref(name:\"CESA\", value:\"2013:0983\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-June/019810.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"curl on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"cURL provides the libcurl library and a command line tool for downloading\n files from servers using various protocols, including HTTP, FTP, and LDAP.\n\n A heap-based buffer overflow flaw was found in the way libcurl unescaped\n URLs. A remote attacker could provide a specially-crafted URL that, when\n processed by an application using libcurl that handles untrusted URLs,\n would possibly cause it to crash or, potentially, execute arbitrary code.\n (CVE-2013-2174)\n\n Red Hat would like to thank the cURL project for reporting this issue.\n Upstream acknowledges Timo Sirainen as the original reporter.\n\n Users of curl should upgrade to these updated packages, which contain a\n backported patch to correct this issue. All running applications using\n libcurl must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.19.7~37.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.19.7~37.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.19.7~37.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-23T13:09:41", "bulletinFamily": "scanner", "description": "Check for the Version of curl", "modified": "2018-01-23T00:00:00", "published": "2013-07-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841498", "id": "OPENVAS:841498", "title": "Ubuntu Update for curl USN-1894-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1894_1.nasl 8494 2018-01-23 06:57:55Z teissa $\n#\n# Ubuntu Update for curl USN-1894-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"curl on Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\ntag_insight = \"Timo Sirainen discovered that libcurl incorrectly handled memory when\n parsing URL encoded strings. An attacker could possibly use this issue to\n cause libcurl to crash, leading to a denial of service, or execute\n arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(841498);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 13:18:07 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for curl USN-1894-1\");\n\n script_xref(name: \"USN\", value: \"1894-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1894-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.22.0-3ubuntu4.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.22.0-3ubuntu4.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.22.0-3ubuntu4.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.19.7-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.19.7-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.27.0-1ubuntu1.3\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.27.0-1ubuntu1.3\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.27.0-1ubuntu1.3\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.29.0-1ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.29.0-1ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.29.0-1ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-03T12:29:42", "bulletinFamily": "scanner", "description": "This update of compat-curl2 fixes a security vulnerability :\n\n - libcurl URL decode buffer boundary flaw (bnc#824517 /\n CVE-2013-2174)", "modified": "2019-11-02T00:00:00", "id": "SUSE_COMPAT-CURL2-8621.NASL", "href": "https://www.tenable.com/plugins/nessus/67222", "published": "2013-07-10T00:00:00", "title": "SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 8621)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67222);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/08/01 10:50:40 $\");\n\n script_cve_id(\"CVE-2013-2174\");\n\n script_name(english:\"SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 8621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of compat-curl2 fixes a security vulnerability :\n\n - libcurl URL decode buffer boundary flaw (bnc#824517 /\n CVE-2013-2174)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2174.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8621.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"compat-curl2-7.11.0-20.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"compat-curl2-32bit-7.11.0-20.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"compat-curl2-7.11.0-20.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"compat-curl2-32bit-7.11.0-20.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:17:48", "bulletinFamily": "scanner", "description": "This update of curl fixes a security issue in libcurl URL buffer\ndecoding. (bnc#824517 / CVE-2013-2174)", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_CURL-130625.NASL", "href": "https://www.tenable.com/plugins/nessus/68948", "published": "2013-07-18T00:00:00", "title": "SuSE 11.3 Security Update : curl (SAT Patch Number 7932)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68948);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:41:52 $\");\n\n script_cve_id(\"CVE-2013-2174\");\n\n script_name(english:\"SuSE 11.3 Security Update : curl (SAT Patch Number 7932)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of curl fixes a security issue in libcurl URL buffer\ndecoding. (bnc#824517 / CVE-2013-2174)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2174.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7932.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"curl-7.19.7-1.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libcurl4-7.19.7-1.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"curl-7.19.7-1.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-7.19.7-1.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"curl-7.19.7-1.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libcurl4-7.19.7-1.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libcurl4-32bit-7.19.7-1.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:20:44", "bulletinFamily": "scanner", "description": "Updated curl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nA heap-based buffer overflow flaw was found in the way libcurl\nunescaped URLs. A remote attacker could provide a specially crafted\nURL that, when processed by an application using libcurl that handles\nuntrusted URLs, would possibly cause it to crash or, potentially,\nexecute arbitrary code. (CVE-2013-2174)\n\nRed Hat would like to thank the cURL project for reporting this issue.\nUpstream acknowledges Timo Sirainen as the original reporter.\n\nUsers of curl should upgrade to these updated packages, which contain\na backported patch to correct this issue. All running applications\nusing libcurl must be restarted for the update to take effect.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2013-0983.NASL", "href": "https://www.tenable.com/plugins/nessus/66981", "published": "2013-06-26T00:00:00", "title": "RHEL 5 / 6 : curl (RHSA-2013:0983)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0983. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66981);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:37\");\n\n script_cve_id(\"CVE-2013-2174\");\n script_bugtraq_id(60737);\n script_xref(name:\"RHSA\", value:\"2013:0983\");\n\n script_name(english:\"RHEL 5 / 6 : curl (RHSA-2013:0983)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nA heap-based buffer overflow flaw was found in the way libcurl\nunescaped URLs. A remote attacker could provide a specially crafted\nURL that, when processed by an application using libcurl that handles\nuntrusted URLs, would possibly cause it to crash or, potentially,\nexecute arbitrary code. (CVE-2013-2174)\n\nRed Hat would like to thank the cURL project for reporting this issue.\nUpstream acknowledges Timo Sirainen as the original reporter.\n\nUsers of curl should upgrade to these updated packages, which contain\na backported patch to correct this issue. All running applications\nusing libcurl must be restarted for the update to take effect.\"\n );\n # http://curl.haxx.se/docs/adv_20130622.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2013-2174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2174\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0983\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"curl-7.15.5-17.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"curl-debuginfo-7.15.5-17.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"curl-devel-7.15.5-17.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"curl-7.19.7-37.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"curl-7.19.7-37.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"curl-7.19.7-37.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"curl-debuginfo-7.19.7-37.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libcurl-7.19.7-37.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libcurl-devel-7.19.7-37.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-devel / libcurl / libcurl-devel\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:13:00", "bulletinFamily": "scanner", "description": "A heap-based buffer overflow flaw was found in the way libcurl\nunescaped URLs. A remote attacker could provide a specially crafted\nURL that, when processed by an application using libcurl that handles\nuntrusted URLs, would possibly cause it to crash or, potentially,\nexecute arbitrary code. (CVE-2013-2174)\n\nAll running applications using libcurl must be restarted for the\nupdate to take effect.", "modified": "2019-11-02T00:00:00", "id": "SL_20130625_CURL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/66982", "published": "2013-06-26T00:00:00", "title": "Scientific Linux Security Update : curl on SL5.x, SL6.x i386/srpm/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66982);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2013-2174\");\n\n script_name(english:\"Scientific Linux Security Update : curl on SL5.x, SL6.x i386/srpm/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was found in the way libcurl\nunescaped URLs. A remote attacker could provide a specially crafted\nURL that, when processed by an application using libcurl that handles\nuntrusted URLs, would possibly cause it to crash or, potentially,\nexecute arbitrary code. (CVE-2013-2174)\n\nAll running applications using libcurl must be restarted for the\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1306&L=scientific-linux-errata&T=0&P=2344\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70c4d1b9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"curl-7.15.5-17.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"curl-debuginfo-7.15.5-17.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"curl-debuginfo-7.15.5-17.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"curl-devel-7.15.5-17.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"curl-7.19.7-37.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"curl-debuginfo-7.19.7-37.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"curl-debuginfo-7.19.7-37.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libcurl-7.19.7-37.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libcurl-devel-7.19.7-37.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:17:48", "bulletinFamily": "scanner", "description": "This update of curl fixes several security issues :\n\n - libcurl URL decode buffer boundary flaw (bnc#824517 /\n CVE-2013-2174)", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_CURL-130618.NASL", "href": "https://www.tenable.com/plugins/nessus/67221", "published": "2013-07-10T00:00:00", "title": "SuSE 11.2 Security Update : curl (SAT Patch Number 7867)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67221);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:41:52 $\");\n\n script_cve_id(\"CVE-2013-2174\");\n\n script_name(english:\"SuSE 11.2 Security Update : curl (SAT Patch Number 7867)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of curl fixes several security issues :\n\n - libcurl URL decode buffer boundary flaw (bnc#824517 /\n CVE-2013-2174)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2174.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7867.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"curl-7.19.7-1.20.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libcurl4-7.19.7-1.20.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"curl-7.19.7-1.20.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libcurl4-7.19.7-1.20.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.20.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"curl-7.19.7-1.20.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"libcurl4-7.19.7-1.20.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libcurl4-32bit-7.19.7-1.20.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.20.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:29:48", "bulletinFamily": "scanner", "description": "This update of curl fixes several security issues.\n\n - libcurl URL decode buffer boundary flaw (bnc#824517 /\n CVE-2013-2174)", "modified": "2019-11-02T00:00:00", "id": "SUSE_CURL-8614.NASL", "href": "https://www.tenable.com/plugins/nessus/67242", "published": "2013-07-11T00:00:00", "title": "SuSE 10 Security Update : curl (ZYPP Patch Number 8614)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67242);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/08/01 10:50:40 $\");\n\n script_cve_id(\"CVE-2013-2174\");\n\n script_name(english:\"SuSE 10 Security Update : curl (ZYPP Patch Number 8614)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of curl fixes several security issues.\n\n - libcurl URL decode buffer boundary flaw (bnc#824517 /\n CVE-2013-2174)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2174.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8614.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"curl-7.15.1-19.30.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"curl-devel-7.15.1-19.30.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"curl-32bit-7.15.1-19.30.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"curl-7.15.1-19.30.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"curl-devel-7.15.1-19.30.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"curl-32bit-7.15.1-19.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:14:26", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:0983 :\n\nUpdated curl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nA heap-based buffer overflow flaw was found in the way libcurl\nunescaped URLs. A remote attacker could provide a specially crafted\nURL that, when processed by an application using libcurl that handles\nuntrusted URLs, would possibly cause it to crash or, potentially,\nexecute arbitrary code. (CVE-2013-2174)\n\nRed Hat would like to thank the cURL project for reporting this issue.\nUpstream acknowledges Timo Sirainen as the original reporter.\n\nUsers of curl should upgrade to these updated packages, which contain\na backported patch to correct this issue. All running applications\nusing libcurl must be restarted for the update to take effect.", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2013-0983.NASL", "href": "https://www.tenable.com/plugins/nessus/68841", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : curl (ELSA-2013-0983)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0983 and \n# Oracle Linux Security Advisory ELSA-2013-0983 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68841);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/30 10:58:18\");\n\n script_cve_id(\"CVE-2013-2174\");\n script_bugtraq_id(60737);\n script_xref(name:\"RHSA\", value:\"2013:0983\");\n\n script_name(english:\"Oracle Linux 5 / 6 : curl (ELSA-2013-0983)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0983 :\n\nUpdated curl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nA heap-based buffer overflow flaw was found in the way libcurl\nunescaped URLs. A remote attacker could provide a specially crafted\nURL that, when processed by an application using libcurl that handles\nuntrusted URLs, would possibly cause it to crash or, potentially,\nexecute arbitrary code. (CVE-2013-2174)\n\nRed Hat would like to thank the cURL project for reporting this issue.\nUpstream acknowledges Timo Sirainen as the original reporter.\n\nUsers of curl should upgrade to these updated packages, which contain\na backported patch to correct this issue. All running applications\nusing libcurl must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-June/003544.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-June/003545.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"curl-7.15.5-17.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"curl-devel-7.15.5-17.el5_9\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"curl-7.19.7-37.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libcurl-7.19.7-37.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libcurl-devel-7.19.7-37.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-devel / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:10:47", "bulletinFamily": "scanner", "description": "New curl packages are available for Slackware 12.1, 12.2, 13.0, 13.1,\n13.37, 14.0, and -current to fix a security issue.", "modified": "2019-11-02T00:00:00", "id": "SLACKWARE_SSA_2013-174-01.NASL", "href": "https://www.tenable.com/plugins/nessus/66967", "published": "2013-06-24T00:00:00", "title": "Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : curl (SSA:2013-174-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2013-174-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66967);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/08/01 10:50:40 $\");\n\n script_cve_id(\"CVE-2013-2174\");\n script_xref(name:\"SSA\", value:\"2013-174-01\");\n\n script_name(english:\"Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : curl (SSA:2013-174-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 12.1, 12.2, 13.0, 13.1,\n13.37, 14.0, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.499592\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4714fe66\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.1\", pkgname:\"curl\", pkgver:\"7.16.2\", pkgarch:\"i486\", pkgnum:\"4_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"curl\", pkgver:\"7.19.6\", pkgarch:\"i486\", pkgnum:\"2_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"curl\", pkgver:\"7.19.6\", pkgarch:\"i486\", pkgnum:\"2_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.19.6\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"curl\", pkgver:\"7.20.1\", pkgarch:\"i486\", pkgnum:\"2_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.20.1\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"curl\", pkgver:\"7.21.4\", pkgarch:\"i486\", pkgnum:\"2_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.21.4\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.29.0\", pkgarch:\"i486\", pkgnum:\"3_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.29.0\", pkgarch:\"x86_64\", pkgnum:\"3_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.31.0\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.31.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:55:14", "bulletinFamily": "scanner", "description": "A vulnerability has been discovered and corrected in curl :\n\nlibcurl is vulnerable to a case of bad checking of the input data\nwhich may lead to heap corruption. The function curl_easy_unescape()\ndecodes URL encoded strings to raw binary data. URL encoded octets are\nrepresented with \\%HH combinations where HH is a two-digit hexadecimal\nnumber. The decoded string is written to an allocated memory area that\nthe function returns to the caller (CVE-2013-2174).\n\nThe updated packages have been patched to correct this issue.", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2013-180.NASL", "href": "https://www.tenable.com/plugins/nessus/67010", "published": "2013-06-28T00:00:00", "title": "Mandriva Linux Security Advisory : curl (MDVSA-2013:180)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:180. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67010);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/08/02 13:32:55\");\n\n script_cve_id(\"CVE-2013-2174\");\n script_bugtraq_id(60737);\n script_xref(name:\"MDVSA\", value:\"2013:180\");\n\n script_name(english:\"Mandriva Linux Security Advisory : curl (MDVSA-2013:180)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in curl :\n\nlibcurl is vulnerable to a case of bad checking of the input data\nwhich may lead to heap corruption. The function curl_easy_unescape()\ndecodes URL encoded strings to raw binary data. URL encoded octets are\nrepresented with \\%HH combinations where HH is a two-digit hexadecimal\nnumber. The decoded string is written to an allocated memory area that\nthe function returns to the caller (CVE-2013-2174).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://curl.haxx.se/docs/adv_20130622.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"curl-7.24.0-2.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"curl-examples-7.24.0-2.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64curl-devel-7.24.0-2.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64curl4-7.24.0-2.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:36", "bulletinFamily": "scanner", "description": "A vulnerability was discovered for the curl and libcurl packages in\nopenSUSE versions 12.2 and 12.3.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2013-552.NASL", "href": "https://www.tenable.com/plugins/nessus/75070", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : curl / libcurl (openSUSE-SU-2013:1132-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-552.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75070);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-2174\");\n script_bugtraq_id(60737);\n\n script_name(english:\"openSUSE Security Update : curl / libcurl (openSUSE-SU-2013:1132-1)\");\n script_summary(english:\"Check for the openSUSE-2013-552 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered for the curl and libcurl packages in\nopenSUSE versions 12.2 and 12.3.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=824517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-07/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected curl / libcurl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"curl-7.25.0-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"curl-debuginfo-7.25.0-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"curl-debugsource-7.25.0-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libcurl-devel-7.25.0-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libcurl4-7.25.0-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libcurl4-debuginfo-7.25.0-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.25.0-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.25.0-2.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"curl-7.28.1-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"curl-debuginfo-7.28.1-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"curl-debugsource-7.28.1-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcurl-devel-7.28.1-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcurl4-7.28.1-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcurl4-debuginfo-7.28.1-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.28.1-4.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.28.1-4.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0983\n\n\ncURL provides the libcurl library and a command line tool for downloading\nfiles from servers using various protocols, including HTTP, FTP, and LDAP.\n\nA heap-based buffer overflow flaw was found in the way libcurl unescaped\nURLs. A remote attacker could provide a specially-crafted URL that, when\nprocessed by an application using libcurl that handles untrusted URLs,\nwould possibly cause it to crash or, potentially, execute arbitrary code.\n(CVE-2013-2174)\n\nRed Hat would like to thank the cURL project for reporting this issue.\nUpstream acknowledges Timo Sirainen as the original reporter.\n\nUsers of curl should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications using\nlibcurl must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/019810.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/019815.html\n\n**Affected packages:**\ncurl\ncurl-devel\nlibcurl\nlibcurl-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0983.html", "modified": "2013-06-26T02:25:31", "published": "2013-06-26T02:20:36", "href": "http://lists.centos.org/pipermail/centos-announce/2013-June/019810.html", "id": "CESA-2013:0983", "title": "curl, libcurl security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:19", "bulletinFamily": "unix", "description": "Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.", "modified": "2013-07-02T00:00:00", "published": "2013-07-02T00:00:00", "id": "USN-1894-1", "href": "https://usn.ubuntu.com/1894-1/", "title": "curl vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:54", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2713-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJune 24, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nVulnerability : heap overflow\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2013-2174\n\nTimo Sirainen discovered that cURL, an URL transfer library, is prone to\na heap overflow vulnerability due to bad checking of the input data in\nthe curl_easy_unescape function.\n\nThe curl command line tool is not affected by this problem as it doesn't\nuse the curl_easy_unescape function.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze4.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.31.0-1.\n\nWe recommend that you upgrade your curl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-06-24T21:18:34", "published": "2013-06-24T21:18:34", "id": "DEBIAN:DSA-2713-1:7FDD9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00123.html", "title": "[SECURITY] [DSA 2713-1] curl security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:46", "bulletinFamily": "unix", "description": "cURL provides the libcurl library and a command line tool for downloading\nfiles from servers using various protocols, including HTTP, FTP, and LDAP.\n\nA heap-based buffer overflow flaw was found in the way libcurl unescaped\nURLs. A remote attacker could provide a specially-crafted URL that, when\nprocessed by an application using libcurl that handles untrusted URLs,\nwould possibly cause it to crash or, potentially, execute arbitrary code.\n(CVE-2013-2174)\n\nRed Hat would like to thank the cURL project for reporting this issue.\nUpstream acknowledges Timo Sirainen as the original reporter.\n\nUsers of curl should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications using\nlibcurl must be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:36", "published": "2013-06-25T04:00:00", "id": "RHSA-2013:0983", "href": "https://access.redhat.com/errata/RHSA-2013:0983", "type": "redhat", "title": "(RHSA-2013:0983) Moderate: curl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was discovered that the fix for the CVE-2013-1619 issue released via\nRHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL\nencrypted records when CBC-mode cipher suites were used. A remote attacker\ncould possibly use this flaw to crash a server or client application that\nuses GnuTLS. (CVE-2013-2116)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-2174 (curl issue)\n\nCVE-2012-6548, CVE-2013-0914, CVE-2013-1848, CVE-2013-2128, CVE-2013-2634,\nCVE-2013-2635, CVE-2013-2852, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,\nand CVE-2013-3301 (kernel issues)\n\nCVE-2002-2443 (krb5 issue)\n\nCVE-2013-1950 (libtirpc issue)\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state. \n\nThis update also contains the fixes from the following errata:\n\n* ovirt-node: RHBA-2013:1077\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "modified": "2018-06-07T08:59:39", "published": "2013-07-16T04:00:00", "id": "RHSA-2013:1076", "href": "https://access.redhat.com/errata/RHSA-2013:1076", "type": "redhat", "title": "(RHSA-2013:1076) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:35", "bulletinFamily": "unix", "description": "\ncURL developers report:\n\nlibcurl is vulnerable to a case of bad checking of the\n\t input data which may lead to heap corruption.\nThe function curl_easy_unescape() decodes URL-encoded\n\t strings to raw binary data. URL-encoded octets are\n\t represented with %HH combinations where HH is a two-digit\n\t hexadecimal number. The decoded string is written to an\n\t allocated memory area that the function returns to the\n\t caller.\nThe function takes a source string and a length\n\t parameter, and if the length provided is 0 the function will\n\t instead use strlen() to figure out how much data to\n\t parse.\nThe \"%HH\" parser wrongly only considered the case where a\n\t zero byte would terminate the input. If a length-limited\n\t buffer was passed in which ended with a '%' character which\n\t was followed by two hexadecimal digits outside of the buffer\n\t libcurl was allowed to parse alas without a terminating\n\t zero, libcurl would still parse that sequence as well. The\n\t counter for remaining data to handle would then be decreased\n\t too much and wrap to become a very large integer and the\n\t copying would go on too long and the destination buffer that\n\t is allocated on the heap would get overwritten.\nWe consider it unlikely that programs allow user-provided\n\t strings unfiltered into this function. Also, only the not\n\t zero-terminated input string use case is affected by this\n\t flaw. Exploiting this flaw for gain is probably possible for\n\t specific circumstances but we consider the general risk for\n\t this to be low.\nThe curl command line tool is not affected by this\n\t problem as it doesn't use this function.\nThere are no known exploits available at this time.\n\n", "modified": "2013-07-01T00:00:00", "published": "2013-06-22T00:00:00", "id": "01CF67B3-DC3B-11E2-A6CD-C48508086173", "href": "https://vuxml.freebsd.org/freebsd/01cf67b3-dc3b-11e2-a6cd-c48508086173.html", "title": "cURL library -- heap corruption in curl_easy_unescape", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:20", "bulletinFamily": "unix", "description": "### Background\n\ncURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. \n\n### Description\n\nMultiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user or automated process to connect to a malicious server using cURL, possibly resulting in the remote execution of arbitrary code or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll cURL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/curl-7.34.0-r1\"", "modified": "2014-01-20T00:00:00", "published": "2014-01-20T00:00:00", "id": "GLSA-201401-14", "href": "https://security.gentoo.org/glsa/201401-14", "type": "gentoo", "title": "cURL: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oracle": [{"lastseen": "2019-05-29T18:20:56", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 193 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on May 15, 2015, Oracle released [Security Alert for CVE-2015-3456 (QEMU \"Venom\")](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-3456. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-07-07T00:00:00", "published": "2015-07-14T00:00:00", "id": "ORACLE:CPUJUL2015-2367936", "href": "", "title": "Oracle Critical Patch Update - July 2015", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
