ID CVE-2017-8817 Type cve Reporter cve@mitre.org Modified 2018-11-13T11:29:00
Description
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
{"debian": [{"lastseen": "2019-05-30T02:22:07", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817"], "description": "Package : curl\nVersion : 7.26.0-1+wheezy23\nCVE ID : CVE-2017-8817\n\n\nCVE-2017-8817\n\n Fuzzing by the OSS-Fuzz project led to the discovery of a read out of\n bounds flaw in the FTP wildcard function in libcurl. A malicious\n server could redirect a libcurl-based client to an URL using a\n wildcard pattern, triggering the out-of-bound read.\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n7.26.0-1+wheezy23.\n\nWe recommend that you upgrade your curl packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-11-30T14:10:31", "published": "2017-11-30T14:10:31", "id": "DEBIAN:DLA-1195-1:A5E2E", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201711/msg00040.html", "title": "[SECURITY] [DLA 1195-1] curl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-14T01:04:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4051-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nNovember 29, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2017-8816 CVE-2017-8817\n\nTwo vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2017-8816\n\n Alex Nichols discovered a buffer overrun flaw in the NTLM authentication\n code which can be triggered on 32bit systems where an integer overflow\n might occur when calculating the size of a memory allocation.\n\nCVE-2017-8817\n\n Fuzzing by the OSS-Fuzz project led to the discovery of a read out of\n bounds flaw in the FTP wildcard function in libcurl. A malicious server\n could redirect a libcurl-based client to an URL using a wildcard pattern,\n triggering the out-of-bound read.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 7.38.0-4+deb8u8.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u3.\n\nWe recommend that you upgrade your curl packages.\n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 14, "modified": "2017-11-29T11:09:32", "published": "2017-11-29T11:09:32", "id": "DEBIAN:DSA-4051-1:99280", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00314.html", "title": "[SECURITY] [DSA 4051-1] curl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T09:38:51", "description": "CVE-2017-8817\n\nFuzzing by the OSS-Fuzz project led to the discovery of a read out of\nbounds flaw in the FTP wildcard function in libcurl. A malicious\nserver could redirect a libcurl-based client to an URL using a\nwildcard pattern, triggering the out-of-bound read.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.26.0-1+wheezy23.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-01T00:00:00", "title": "Debian DLA-1195-1 : curl security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817"], "modified": "2017-12-01T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcurl4-nss-dev", "p-cpe:/a:debian:debian_linux:libcurl3", "p-cpe:/a:debian:debian_linux:libcurl3-gnutls", "p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev", "p-cpe:/a:debian:debian_linux:libcurl3-nss", "p-cpe:/a:debian:debian_linux:curl", "p-cpe:/a:debian:debian_linux:libcurl3-dbg", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev"], "id": "DEBIAN_DLA-1195.NASL", "href": "https://www.tenable.com/plugins/nessus/104937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1195-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104937);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-8817\");\n\n script_name(english:\"Debian DLA-1195-1 : curl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-8817\n\nFuzzing by the OSS-Fuzz project led to the discovery of a read out of\nbounds flaw in the FTP wildcard function in libcurl. A malicious\nserver could redirect a libcurl-based client to an URL using a\nwildcard pattern, triggering the out-of-bound read.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.26.0-1+wheezy23.\n\nWe recommend that you upgrade your curl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/curl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-nss-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"curl\", reference:\"7.26.0-1+wheezy23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3\", reference:\"7.26.0-1+wheezy23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-dbg\", reference:\"7.26.0-1+wheezy23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-gnutls\", reference:\"7.26.0-1+wheezy23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-nss\", reference:\"7.26.0-1+wheezy23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.26.0-1+wheezy23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.26.0-1+wheezy23\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.26.0-1+wheezy23\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:53:01", "description": "According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The FTP wildcard function in curl and libcurl before\n 7.57.0 allows remote attackers to cause a denial of\n service (out-of-bounds read and application crash) or\n possibly have unspecified other impact via a string\n that ends with an '[' character.(CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1040)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817"], "modified": "2018-02-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libcurl-devel", "p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1040.NASL", "href": "https://www.tenable.com/plugins/nessus/106768", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106768);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-8817\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1040)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The FTP wildcard function in curl and libcurl before\n 7.57.0 allows remote attackers to cause a denial of\n service (out-of-bounds read and application crash) or\n possibly have unspecified other impact via a string\n that ends with an '[' character.(CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1040\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1cade7b5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h15\",\n \"libcurl-7.29.0-35.h15\",\n \"libcurl-devel-7.29.0-35.h15\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:53:00", "description": "According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The FTP wildcard function in curl and libcurl before\n 7.57.0 allows remote attackers to cause a denial of\n service (out-of-bounds read and application crash) or\n possibly have unspecified other impact via a string\n that ends with an '[' character.(CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-13T00:00:00", "title": "EulerOS 2.0 SP1 : curl (EulerOS-SA-2018-1039)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817"], "modified": "2018-02-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libcurl-devel", "p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1039.NASL", "href": "https://www.tenable.com/plugins/nessus/106767", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106767);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-8817\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : curl (EulerOS-SA-2018-1039)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The FTP wildcard function in curl and libcurl before\n 7.57.0 allows remote attackers to cause a denial of\n service (out-of-bounds read and application crash) or\n possibly have unspecified other impact via a string\n that ends with an '[' character.(CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1039\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4310dc64\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h15\",\n \"libcurl-7.29.0-35.h15\",\n \"libcurl-devel-7.29.0-35.h15\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:11", "description": " - fix NTLM buffer overflow via integer overflow\n (CVE-2017-8816)\n\n - fix FTP wildcard out of bounds read (CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-11T00:00:00", "title": "Fedora 26 : curl (2017-0c062324cd)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "modified": "2017-12-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-0C062324CD.NASL", "href": "https://www.tenable.com/plugins/nessus/105124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-0c062324cd.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105124);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_xref(name:\"FEDORA\", value:\"2017-0c062324cd\");\n\n script_name(english:\"Fedora 26 : curl (2017-0c062324cd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix NTLM buffer overflow via integer overflow\n (CVE-2017-8816)\n\n - fix FTP wildcard out of bounds read (CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-0c062324cd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"curl-7.53.1-13.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:39:39", "description": "An update of the linux package has been released.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 2.0: Linux PHSA-2018-2.0-0016", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2018-5344"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0016_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121918", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0016. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121918);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/03/08\");\n\n script_cve_id(\"CVE-2018-5344\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2018-2.0-0016\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-16.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8817\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-tools-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.80-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.80-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:57", "description": " - fix NTLM buffer overflow via integer overflow\n (CVE-2017-8816)\n\n - fix FTP wildcard out of bounds read (CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-15T00:00:00", "title": "Fedora 27 : curl (2017-45bdf4dace)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "modified": "2018-01-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:curl"], "id": "FEDORA_2017-45BDF4DACE.NASL", "href": "https://www.tenable.com/plugins/nessus/105863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-45bdf4dace.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105863);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_xref(name:\"FEDORA\", value:\"2017-45bdf4dace\");\n\n script_name(english:\"Fedora 27 : curl (2017-45bdf4dace)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix NTLM buffer overflow via integer overflow\n (CVE-2017-8816)\n\n - fix FTP wildcard out of bounds read (CVE-2017-8817)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-45bdf4dace\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"curl-7.55.1-8.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:38:01", "description": "This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-8816: Buffer overrun flaw in the NTLM\n authentication code (bsc#1069226).\n\n - CVE-2017-8817: Read out of bounds flaw in the FTP\n wildcard function (bsc#1069222).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-22T00:00:00", "title": "openSUSE Security Update : curl (openSUSE-2018-56)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "modified": "2018-01-22T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libcurl-devel-32bit", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl-devel", "cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:libcurl4-32bit"], "id": "OPENSUSE-2018-56.NASL", "href": "https://www.tenable.com/plugins/nessus/106219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-56.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106219);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2018-56)\");\n script_summary(english:\"Check for the openSUSE-2018-56 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for curl fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-8816: Buffer overrun flaw in the NTLM\n authentication code (bsc#1069226).\n\n - CVE-2017-8817: Read out of bounds flaw in the FTP\n wildcard function (bsc#1069222).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1069222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1069226\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debuginfo-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"curl-debugsource-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl-devel-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libcurl4-debuginfo-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-16.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debuginfo-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"curl-debugsource-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl-devel-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libcurl4-debuginfo-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl-devel-32bit-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.37.0-27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.37.0-27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:39:39", "description": "An update of the libtiff package has been released.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 2.0: Libtiff PHSA-2018-2.0-0016", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-9935"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libtiff", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0016_LIBTIFF.NASL", "href": "https://www.tenable.com/plugins/nessus/121917", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0016. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121917);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-9935\");\n\n script_name(english:\"Photon OS 2.0: Libtiff PHSA-2018-2.0-0016\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libtiff package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-16.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8817\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-4.0.9-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-debuginfo-4.0.9-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"libtiff-devel-4.0.9-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:33:42", "description": "Alex Nichols discovered that curl incorrectly handled NTLM\nauthentication credentials. A remote attacker could use this issue to\ncause curl to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 16.04 LTS,\nUbuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816)\n\nIt was discovered that curl incorrectly handled FTP wildcard matching.\nA remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly obtain sensitive\ninformation. (CVE-2017-8817).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-30T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : curl vulnerabilities (USN-3498-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:curl", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "cpe:/o:canonical:ubuntu_linux:14.04", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls"], "id": "UBUNTU_USN-3498-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104881", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3498-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104881);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_xref(name:\"USN\", value:\"3498-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : curl vulnerabilities (USN-3498-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alex Nichols discovered that curl incorrectly handled NTLM\nauthentication credentials. A remote attacker could use this issue to\ncause curl to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 16.04 LTS,\nUbuntu 17.04 and Ubuntu 17.10. (CVE-2017-8816)\n\nIt was discovered that curl incorrectly handled FTP wildcard matching.\nA remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly obtain sensitive\ninformation. (CVE-2017-8817).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3498-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"curl\", pkgver:\"7.35.0-1ubuntu2.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3\", pkgver:\"7.35.0-1ubuntu2.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.35.0-1ubuntu2.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.35.0-1ubuntu2.13\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"curl\", pkgver:\"7.47.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3\", pkgver:\"7.47.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.47.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.47.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"curl\", pkgver:\"7.52.1-4ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3\", pkgver:\"7.52.1-4ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.52.1-4ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.52.1-4ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"curl\", pkgver:\"7.55.1-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3\", pkgver:\"7.55.1-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.55.1-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.55.1-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl3 / libcurl3-gnutls / libcurl3-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T01:23:17", "description": "The NTLM authentication feature in curl and libcurl before 7.57.0 on\n32-bit platforms allows attackers to cause a denial of service\n(integer overflow and resultant buffer overflow, and application\ncrash) or possibly have unspecified other impact via vectors involving\nlong user and password fields. (CVE-2017-8816)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows\nremote attackers to cause a denial of service (out-of-bounds read and\napplication crash) or possibly have unspecified other impact via a\nstring that ends with an '[' character. (CVE-2017-8817)", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-04T00:00:00", "title": "Amazon Linux AMI : curl (ALAS-2018-938)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "p-cpe:/a:amazon:linux:curl-debuginfo", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:curl"], "id": "ALA_ALAS-2018-938.NASL", "href": "https://www.tenable.com/plugins/nessus/105516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-938.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105516);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_xref(name:\"ALAS\", value:\"2018-938\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2018-938)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The NTLM authentication feature in curl and libcurl before 7.57.0 on\n32-bit platforms allows attackers to cause a denial of service\n(integer overflow and resultant buffer overflow, and application\ncrash) or possibly have unspecified other impact via vectors involving\nlong user and password fields. (CVE-2017-8816)\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows\nremote attackers to cause a denial of service (out-of-bounds read and\napplication crash) or possibly have unspecified other impact via a\nstring that ends with an '[' character. (CVE-2017-8817)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-938.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.53.1-13.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.53.1-13.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.53.1-13.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.53.1-13.80.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:22", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817"], "description": "USN-3498-1 fixed a vulnerability in curl. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that curl incorrectly handled FTP wildcard matching. A \nremote attacker could use this issue to cause curl to crash, resulting in a \ndenial of service, or possibly obtain sensitive information. \n(CVE-2017-8817)", "edition": 6, "modified": "2017-12-04T00:00:00", "published": "2017-12-04T00:00:00", "id": "USN-3498-2", "href": "https://ubuntu.com/security/notices/USN-3498-2", "title": "curl vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:42:12", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "description": "Alex Nichols discovered that curl incorrectly handled NTLM authentication \ncredentials. A remote attacker could use this issue to cause curl to crash, \nresulting in a denial of service, or possibly execute arbitrary code. This \nissue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. \n(CVE-2017-8816)\n\nIt was discovered that curl incorrectly handled FTP wildcard matching. A \nremote attacker could use this issue to cause curl to crash, resulting in a \ndenial of service, or possibly obtain sensitive information. \n(CVE-2017-8817)", "edition": 5, "modified": "2017-11-29T00:00:00", "published": "2017-11-29T00:00:00", "id": "USN-3498-1", "href": "https://ubuntu.com/security/notices/USN-3498-1", "title": "curl vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-27T18:35:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181039", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1039)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1039\");\n script_version(\"2020-01-23T11:09:48+0000\");\n script_cve_id(\"CVE-2017-8817\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:09:48 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:09:48 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1039)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1039\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1039\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1039 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.(CVE-2017-8817)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h15\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181040", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1040)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1040\");\n script_version(\"2020-01-23T11:09:49+0000\");\n script_cve_id(\"CVE-2017-8817\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:09:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:09:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1040)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1040\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1040\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1040 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.(CVE-2017-8817)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h15\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T19:02:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "description": "Two vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2017-8816\nAlex Nichols discovered a buffer overrun flaw in the NTLM authentication\ncode which can be triggered on 32bit systems where an integer overflow\nmight occur when calculating the size of a memory allocation.\n\nCVE-2017-8817\nFuzzing by the OSS-Fuzz project led to the discovery of a read out of\nbounds flaw in the FTP wildcard function in libcurl. A malicious server\ncould redirect a libcurl-based client to an URL using a wildcard pattern,\ntriggering the out-of-bound read.", "modified": "2019-07-04T00:00:00", "published": "2017-11-29T00:00:00", "id": "OPENVAS:1361412562310704051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704051", "type": "openvas", "title": "Debian Security Advisory DSA 4051-1 (curl - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4051-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704051\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_name(\"Debian Security Advisory DSA 4051-1 (curl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-29 00:00:00 +0100 (Wed, 29 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4051.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 7.38.0-4+deb8u8.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u3.\n\nWe recommend that you upgrade your curl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/curl\");\n script_tag(name:\"summary\", value:\"Two vulnerabilities were discovered in cURL, an URL transfer library.\n\nCVE-2017-8816\nAlex Nichols discovered a buffer overrun flaw in the NTLM authentication\ncode which can be triggered on 32bit systems where an integer overflow\nmight occur when calculating the size of a memory allocation.\n\nCVE-2017-8817\nFuzzing by the OSS-Fuzz project led to the discovery of a read out of\nbounds flaw in the FTP wildcard function in libcurl. A malicious server\ncould redirect a libcurl-based client to an URL using a wildcard pattern,\ntriggering the out-of-bound read.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.38.0-4+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-doc\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.52.1-5+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-12-10T00:00:00", "id": "OPENVAS:1361412562310873888", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873888", "type": "openvas", "title": "Fedora Update for curl FEDORA-2017-0c062324cd", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_0c062324cd_curl_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2017-0c062324cd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873888\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-10 08:11:14 +0100 (Sun, 10 Dec 2017)\");\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2017-0c062324cd\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-0c062324cd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVHQBLZRBWKQK2BGDG3SQNPKXVJSDD3L\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.53.1~13.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-12-10T00:00:00", "id": "OPENVAS:1361412562310873891", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873891", "type": "openvas", "title": "Fedora Update for curl FEDORA-2017-45bdf4dace", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_45bdf4dace_curl_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2017-45bdf4dace\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873891\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-10 08:11:42 +0100 (Sun, 10 Dec 2017)\");\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2017-45bdf4dace\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-45bdf4dace\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUN365G67BKHU3RK2UXAQK7KZ6XSSU7A\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.55.1~8.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-30T00:00:00", "id": "OPENVAS:1361412562310843384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843384", "type": "openvas", "title": "Ubuntu Update for curl USN-3498-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3498_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for curl USN-3498-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843384\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-30 07:34:42 +0100 (Thu, 30 Nov 2017)\");\n script_cve_id(\"CVE-2017-8816\", \"CVE-2017-8817\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for curl USN-3498-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alex Nichols discovered that curl\n incorrectly handled NTLM authentication credentials. A remote attacker could use\n this issue to cause curl to crash, resulting in a denial of service, or possibly\n execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04\n and Ubuntu 17.10. (CVE-2017-8816) It was discovered that curl incorrectly\n handled FTP wildcard matching. A remote attacker could use this issue to cause\n curl to crash, resulting in a denial of service, or possibly obtain sensitive\n information. (CVE-2017-8817)\");\n script_tag(name:\"affected\", value:\"curl on Ubuntu 17.10,\n Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3498-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3498-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.35.0-1ubuntu2.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.55.1-1ubuntu2.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.52.1-4ubuntu1.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:amd64\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:amd64\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:amd64\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.47.0-1ubuntu2.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2017-8817", "CVE-2018-1000122", "CVE-2017-1000254", "CVE-2016-9586", "CVE-2018-1000301"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181330", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1330)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1330\");\n script_version(\"2020-01-23T13:52:22+0000\");\n script_cve_id(\"CVE-2016-9586\", \"CVE-2017-1000254\", \"CVE-2017-8817\", \"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\", \"CVE-2018-1000301\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:52:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:21:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1330)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1330\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1330\");\n script_xref(name:\"URL\", value:\"https://github.com/curl/curl/commit/415d2e7cb7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2018-1330 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\nA NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2018-1000301)\n\ncurl version curl 7.20.0 to and including curl 7.59.0 contains a Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded rtsp content.(CVE-2016-9586)\n\nlibcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](see references), March 2005. In libcurl version 7.56 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h7\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-4092", "CVE-2018-4091", "CVE-2017-8817", "CVE-2018-4093", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4089", "CVE-2018-4090"], "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-04-29T00:00:00", "published": "2018-01-24T00:00:00", "id": "OPENVAS:1361412562310812661", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812661", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 (HT208465)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 (HT208465)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812661\");\n script_version(\"2019-04-29T05:39:50+0000\");\n script_cve_id(\"CVE-2018-4096\", \"CVE-2018-4088\", \"CVE-2018-4089\", \"CVE-2018-4091\",\n \"CVE-2018-4093\", \"CVE-2018-4092\", \"CVE-2018-4090\", \"CVE-2017-8817\");\n script_bugtraq_id(102057);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 05:39:50 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 10:37:13 +0530 (Wed, 24 Jan 2018)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 (HT208465)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An out-of-bounds read issue existed in the curl.\n\n - A memory initialization issue within kernel.\n\n - A race condition within kernel.\n\n - A validation issue within kernel.\n\n - A sandbox access issue.\n\n - Multiple memory corruption issues.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on the affected system, bypass sandbox restrictions and\n read restricted memory.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.13.x prior to\n 10.13.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.13.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208465\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.13\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.13\")\n exit(0);\n\nif(version_in_range(version:osVer, test_version:\"10.13\", test_version2:\"10.13.2\")) {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.13.3\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2017-8817", "CVE-2018-1000122", "CVE-2017-1000254", "CVE-2018-1000007", "CVE-2018-1000300", "CVE-2017-8816", "CVE-2017-1000257", "CVE-2018-1000005", "CVE-2018-1000301"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-24T00:00:00", "id": "OPENVAS:1361412562310874598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874598", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-9dc7338487", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_9dc7338487_curl_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-9dc7338487\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874598\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-24 05:57:24 +0200 (Thu, 24 May 2018)\");\n script_cve_id(\"CVE-2018-1000300\", \"CVE-2018-1000301\", \"CVE-2018-1000120\", \"CVE-2018-1000121\",\n \"CVE-2018-1000122\", \"CVE-2018-1000005\", \"CVE-2018-1000007\", \"CVE-2017-8816\",\n \"CVE-2017-8817\", \"CVE-2017-1000257\", \"CVE-2017-1000254\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2018-9dc7338487\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9dc7338487\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IG5IEI7K4IAV5R7FO6MDFXB3NU3CED7E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.55.1~11.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000120", "CVE-2018-1000121", "CVE-2017-8817", "CVE-2018-1000122", "CVE-2017-1000254", "CVE-2018-1000007", "CVE-2018-1000300", "CVE-2018-14618", "CVE-2017-8816", "CVE-2017-1000257", "CVE-2018-1000005", "CVE-2018-1000301"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-09-22T00:00:00", "id": "OPENVAS:1361412562310875089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875089", "type": "openvas", "title": "Fedora Update for curl FEDORA-2018-ba443bcb6d", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_ba443bcb6d_curl_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for curl FEDORA-2018-ba443bcb6d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875089\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-22 08:12:29 +0200 (Sat, 22 Sep 2018)\");\n script_cve_id(\"CVE-2018-14618\", \"CVE-2018-1000300\", \"CVE-2018-1000301\", \"CVE-2018-1000120\",\n \"CVE-2018-1000121\", \"CVE-2018-1000122\", \"CVE-2018-1000005\", \"CVE-2018-1000007\",\n \"CVE-2017-8816\", \"CVE-2017-8817\", \"CVE-2017-1000257\", \"CVE-2017-1000254\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2018-ba443bcb6d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ba443bcb6d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4CPYBJNZ43GUMZI5MTLBBPGT44TLYQK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.55.1~14.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817"], "description": "Arch Linux Security Advisory ASA-201711-33\n==========================================\n\nSeverity: Medium\nDate : 2017-11-30\nCVE-ID : CVE-2017-8817\nPackage : curl\nType : information disclosure\nRemote : Yes\nLink : https://security.archlinux.org/AVG-524\n\nSummary\n=======\n\nThe package curl before version 7.57.0-1 is vulnerable to information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 7.57.0-1.\n\n# pacman -Syu \"curl>=7.57.0-1\"\n\nThe problem has been fixed upstream in version 7.57.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA read out of bounds flaw has been found in the FTP wildcard function\nof libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching\nfeature, which is enabled with the `CURLOPT_WILDCARDMATCH` option can\nuse a built-in wildcard function or a user provided one. The built-in\nwildcard function has a flaw that makes it not detect the end of the\npattern string if it ends with an open bracket (`[`) but instead it\nwill continue reading the heap beyond the end of the URL buffer that\nholds the wildcard.\nFor applications that use HTTP(S) URLs, allow libcurl to handle\nredirects and have FTP wildcards enabled, this flaw can be triggered by\nmalicious servers that can redirect clients to a URL using such a\nwildcard pattern.\n\nImpact\n======\n\nA remote attacker is able to crash the application or possibly disclose\nsensitive information on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\nhttps://curl.haxx.se/CVE-2017-8817.patch\nhttps://github.com/curl/curl/commit/0b664ba968437715819bfe4c7ada5679d16ebbc3\nhttps://security.archlinux.org/CVE-2017-8817", "modified": "2017-11-30T00:00:00", "published": "2017-11-30T00:00:00", "id": "ASA-201711-33", "href": "https://security.archlinux.org/ASA-201711-33", "type": "archlinux", "title": "[ASA-201711-33] curl: information disclosure", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817"], "description": "Arch Linux Security Advisory ASA-201711-34\n==========================================\n\nSeverity: Medium\nDate : 2017-11-30\nCVE-ID : CVE-2017-8817\nPackage : libcurl-gnutls\nType : information disclosure\nRemote : Yes\nLink : https://security.archlinux.org/AVG-525\n\nSummary\n=======\n\nThe package libcurl-gnutls before version 7.57.0-1 is vulnerable to\ninformation disclosure.\n\nResolution\n==========\n\nUpgrade to 7.57.0-1.\n\n# pacman -Syu \"libcurl-gnutls>=7.57.0-1\"\n\nThe problem has been fixed upstream in version 7.57.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA read out of bounds flaw has been found in the FTP wildcard function\nof libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching\nfeature, which is enabled with the `CURLOPT_WILDCARDMATCH` option can\nuse a built-in wildcard function or a user provided one. The built-in\nwildcard function has a flaw that makes it not detect the end of the\npattern string if it ends with an open bracket (`[`) but instead it\nwill continue reading the heap beyond the end of the URL buffer that\nholds the wildcard.\nFor applications that use HTTP(S) URLs, allow libcurl to handle\nredirects and have FTP wildcards enabled, this flaw can be triggered by\nmalicious servers that can redirect clients to a URL using such a\nwildcard pattern.\n\nImpact\n======\n\nA remote attacker is able to crash the application or possibly disclose\nsensitive information on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\nhttps://curl.haxx.se/CVE-2017-8817.patch\nhttps://github.com/curl/curl/commit/0b664ba968437715819bfe4c7ada5679d16ebbc3\nhttps://security.archlinux.org/CVE-2017-8817", "modified": "2017-11-30T00:00:00", "published": "2017-11-30T00:00:00", "id": "ASA-201711-34", "href": "https://security.archlinux.org/ASA-201711-34", "type": "archlinux", "title": "[ASA-201711-34] libcurl-gnutls: information disclosure", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817"], "description": "Arch Linux Security Advisory ASA-201711-35\n==========================================\n\nSeverity: Medium\nDate : 2017-11-30\nCVE-ID : CVE-2017-8817\nPackage : libcurl-compat\nType : information disclosure\nRemote : Yes\nLink : https://security.archlinux.org/AVG-526\n\nSummary\n=======\n\nThe package libcurl-compat before version 7.57.0-1 is vulnerable to\ninformation disclosure.\n\nResolution\n==========\n\nUpgrade to 7.57.0-1.\n\n# pacman -Syu \"libcurl-compat>=7.57.0-1\"\n\nThe problem has been fixed upstream in version 7.57.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA read out of bounds flaw has been found in the FTP wildcard function\nof libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching\nfeature, which is enabled with the `CURLOPT_WILDCARDMATCH` option can\nuse a built-in wildcard function or a user provided one. The built-in\nwildcard function has a flaw that makes it not detect the end of the\npattern string if it ends with an open bracket (`[`) but instead it\nwill continue reading the heap beyond the end of the URL buffer that\nholds the wildcard.\nFor applications that use HTTP(S) URLs, allow libcurl to handle\nredirects and have FTP wildcards enabled, this flaw can be triggered by\nmalicious servers that can redirect clients to a URL using such a\nwildcard pattern.\n\nImpact\n======\n\nA remote attacker is able to crash the application or possibly disclose\nsensitive information on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\nhttps://curl.haxx.se/CVE-2017-8817.patch\nhttps://github.com/curl/curl/commit/0b664ba968437715819bfe4c7ada5679d16ebbc3\nhttps://security.archlinux.org/CVE-2017-8817", "modified": "2017-11-30T00:00:00", "published": "2017-11-30T00:00:00", "id": "ASA-201711-35", "href": "https://security.archlinux.org/ASA-201711-35", "type": "archlinux", "title": "[ASA-201711-35] libcurl-compat: information disclosure", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818"], "description": "Arch Linux Security Advisory ASA-201711-37\n==========================================\n\nSeverity: High\nDate : 2017-11-30\nCVE-ID : CVE-2017-8816 CVE-2017-8817 CVE-2017-8818\nPackage : lib32-libcurl-gnutls\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-523\n\nSummary\n=======\n\nThe package lib32-libcurl-gnutls before version 7.57.0-1 is vulnerable\nto multiple issues including arbitrary code execution and information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 7.57.0-1.\n\n# pacman -Syu \"lib32-libcurl-gnutls>=7.57.0-1\"\n\nThe problems have been fixed upstream in version 7.57.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-8816 (arbitrary code execution)\n\nA buffer overrun flaw has been found in libcurl > 7.15.4 and < 7.57.0,\nin the NTLM authentication code. The internal function\n`Curl_ntlm_core_mk_ntlmv2_hash` sums up the lengths of the user name +\npassword (= SUM) and multiplies the sum by two (= SIZE) to figure out\nhow large storage to allocate from the heap. The SUM value is\nsubsequently used to iterate over the input and generate output into\nthe storage buffer. On systems with a 32 bit `size_t`, the math to\ncalculate SIZE triggers an integer overflow when the combined lengths\nof the user name and password is larger than 2GB (2^31 bytes). This\ninteger overflow usually causes a very small buffer to actually get\nallocated instead of the intended very huge one, making the use of that\nbuffer end up in a buffer overrun.\nThis is only an issue on 32 bit systems. It also requires the user and\npassword fields to use more than 2GB of memory combined, which in\nitself should be rare.\n\n- CVE-2017-8817 (information disclosure)\n\nA read out of bounds flaw has been found in the FTP wildcard function\nof libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching\nfeature, which is enabled with the `CURLOPT_WILDCARDMATCH` option can\nuse a built-in wildcard function or a user provided one. The built-in\nwildcard function has a flaw that makes it not detect the end of the\npattern string if it ends with an open bracket (`[`) but instead it\nwill continue reading the heap beyond the end of the URL buffer that\nholds the wildcard.\nFor applications that use HTTP(S) URLs, allow libcurl to handle\nredirects and have FTP wildcards enabled, this flaw can be triggered by\nmalicious servers that can redirect clients to a URL using such a\nwildcard pattern.\n\n- CVE-2017-8818 (arbitrary code execution)\n\nAn out-of-bounds flaw has been found in the SSL related code of libcurl\n><i>= 7.56.0 and < 7.57.0. When allocating memory for a connection (the\n</I>internal struct called connectdata), a certain amount of memory is\nallocated at the end of the struct to be used for SSL related structs.\nThose structs are used by the particular SSL library libcurl is built\nto use. The application can also tell libcurl which specific SSL\nlibrary to use if it was built to support more than one. The math used\nto calculate the extra memory amount necessary for the SSL library was\nwrong on 32 bit systems, which made the allocated memory too small by 4\nbytes. The last struct member of the last object within the memory area\ncould then be outside of what was allocated. Accessing that member\ncould lead to a crash or other undefined behaviors depending on what\nmemory that is present there and how the particular SSL library decides\nto act on that memory content.\nSpecifically the vulnerability is present if libcurl was built so that\nsizeof(long long *) < sizeof(long long) which as far as we are aware\nonly happens in 32-bit builds.\n\nImpact\n======\n\nA remote attacker is able to crash the application, possibly disclose\nsensitive information or execute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2017-11e7.html\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\nhttps://curl.haxx.se/docs/adv_2017-af0a.html\nhttps://curl.haxx.se/CVE-2017-8816.patch\nhttps://github.com/curl/curl/commit/7f2a1df6f5fc598750b2c6f34465c8d924db28cc\nhttps://curl.haxx.se/CVE-2017-8817.patch\nhttps://github.com/curl/curl/commit/0b664ba968437715819bfe4c7ada5679d16ebbc3\nhttps://curl.haxx.se/CVE-2017-8818.patch\nhttps://github.com/curl/curl/commit/9b5e12a5491d2e6b68e0c88ca56f3a9ef9fba400\nhttps://security.archlinux.org/CVE-2017-8816\nhttps://security.archlinux.org/CVE-2017-8817\nhttps://security.archlinux.org/CVE-2017-8818", "modified": "2017-11-30T00:00:00", "published": "2017-11-30T00:00:00", "id": "ASA-201711-37", "href": "https://security.archlinux.org/ASA-201711-37", "type": "archlinux", "title": "[ASA-201711-37] lib32-libcurl-gnutls: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818"], "description": "Arch Linux Security Advisory ASA-201711-36\n==========================================\n\nSeverity: High\nDate : 2017-11-30\nCVE-ID : CVE-2017-8816 CVE-2017-8817 CVE-2017-8818\nPackage : lib32-curl\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-521\n\nSummary\n=======\n\nThe package lib32-curl before version 7.57.0-1 is vulnerable to\nmultiple issues including arbitrary code execution and information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 7.57.0-1.\n\n# pacman -Syu \"lib32-curl>=7.57.0-1\"\n\nThe problems have been fixed upstream in version 7.57.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-8816 (arbitrary code execution)\n\nA buffer overrun flaw has been found in libcurl > 7.15.4 and < 7.57.0,\nin the NTLM authentication code. The internal function\n`Curl_ntlm_core_mk_ntlmv2_hash` sums up the lengths of the user name +\npassword (= SUM) and multiplies the sum by two (= SIZE) to figure out\nhow large storage to allocate from the heap. The SUM value is\nsubsequently used to iterate over the input and generate output into\nthe storage buffer. On systems with a 32 bit `size_t`, the math to\ncalculate SIZE triggers an integer overflow when the combined lengths\nof the user name and password is larger than 2GB (2^31 bytes). This\ninteger overflow usually causes a very small buffer to actually get\nallocated instead of the intended very huge one, making the use of that\nbuffer end up in a buffer overrun.\nThis is only an issue on 32 bit systems. It also requires the user and\npassword fields to use more than 2GB of memory combined, which in\nitself should be rare.\n\n- CVE-2017-8817 (information disclosure)\n\nA read out of bounds flaw has been found in the FTP wildcard function\nof libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching\nfeature, which is enabled with the `CURLOPT_WILDCARDMATCH` option can\nuse a built-in wildcard function or a user provided one. The built-in\nwildcard function has a flaw that makes it not detect the end of the\npattern string if it ends with an open bracket (`[`) but instead it\nwill continue reading the heap beyond the end of the URL buffer that\nholds the wildcard.\nFor applications that use HTTP(S) URLs, allow libcurl to handle\nredirects and have FTP wildcards enabled, this flaw can be triggered by\nmalicious servers that can redirect clients to a URL using such a\nwildcard pattern.\n\n- CVE-2017-8818 (arbitrary code execution)\n\nAn out-of-bounds flaw has been found in the SSL related code of libcurl\n><i>= 7.56.0 and < 7.57.0. When allocating memory for a connection (the\n</I>internal struct called connectdata), a certain amount of memory is\nallocated at the end of the struct to be used for SSL related structs.\nThose structs are used by the particular SSL library libcurl is built\nto use. The application can also tell libcurl which specific SSL\nlibrary to use if it was built to support more than one. The math used\nto calculate the extra memory amount necessary for the SSL library was\nwrong on 32 bit systems, which made the allocated memory too small by 4\nbytes. The last struct member of the last object within the memory area\ncould then be outside of what was allocated. Accessing that member\ncould lead to a crash or other undefined behaviors depending on what\nmemory that is present there and how the particular SSL library decides\nto act on that memory content.\nSpecifically the vulnerability is present if libcurl was built so that\nsizeof(long long *) < sizeof(long long) which as far as we are aware\nonly happens in 32-bit builds.\n\nImpact\n======\n\nA remote attacker is able to crash the application, possibly disclose\nsensitive information or execute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2017-11e7.html\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\nhttps://curl.haxx.se/docs/adv_2017-af0a.html\nhttps://curl.haxx.se/CVE-2017-8816.patch\nhttps://github.com/curl/curl/commit/7f2a1df6f5fc598750b2c6f34465c8d924db28cc\nhttps://curl.haxx.se/CVE-2017-8817.patch\nhttps://github.com/curl/curl/commit/0b664ba968437715819bfe4c7ada5679d16ebbc3\nhttps://curl.haxx.se/CVE-2017-8818.patch\nhttps://github.com/curl/curl/commit/9b5e12a5491d2e6b68e0c88ca56f3a9ef9fba400\nhttps://security.archlinux.org/CVE-2017-8816\nhttps://security.archlinux.org/CVE-2017-8817\nhttps://security.archlinux.org/CVE-2017-8818", "modified": "2017-11-30T00:00:00", "published": "2017-11-30T00:00:00", "id": "ASA-201711-36", "href": "https://security.archlinux.org/ASA-201711-36", "type": "archlinux", "title": "[ASA-201711-36] lib32-curl: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818"], "description": "Arch Linux Security Advisory ASA-201711-38\n==========================================\n\nSeverity: High\nDate : 2017-11-30\nCVE-ID : CVE-2017-8816 CVE-2017-8817 CVE-2017-8818\nPackage : lib32-libcurl-compat\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-522\n\nSummary\n=======\n\nThe package lib32-libcurl-compat before version 7.57.0-1 is vulnerable\nto multiple issues including arbitrary code execution and information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 7.57.0-1.\n\n# pacman -Syu \"lib32-libcurl-compat>=7.57.0-1\"\n\nThe problems have been fixed upstream in version 7.57.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-8816 (arbitrary code execution)\n\nA buffer overrun flaw has been found in libcurl > 7.15.4 and < 7.57.0,\nin the NTLM authentication code. The internal function\n`Curl_ntlm_core_mk_ntlmv2_hash` sums up the lengths of the user name +\npassword (= SUM) and multiplies the sum by two (= SIZE) to figure out\nhow large storage to allocate from the heap. The SUM value is\nsubsequently used to iterate over the input and generate output into\nthe storage buffer. On systems with a 32 bit `size_t`, the math to\ncalculate SIZE triggers an integer overflow when the combined lengths\nof the user name and password is larger than 2GB (2^31 bytes). This\ninteger overflow usually causes a very small buffer to actually get\nallocated instead of the intended very huge one, making the use of that\nbuffer end up in a buffer overrun.\nThis is only an issue on 32 bit systems. It also requires the user and\npassword fields to use more than 2GB of memory combined, which in\nitself should be rare.\n\n- CVE-2017-8817 (information disclosure)\n\nA read out of bounds flaw has been found in the FTP wildcard function\nof libcurl >= 7.21.0 and < 7.57.0. libcurl's FTP wildcard matching\nfeature, which is enabled with the `CURLOPT_WILDCARDMATCH` option can\nuse a built-in wildcard function or a user provided one. The built-in\nwildcard function has a flaw that makes it not detect the end of the\npattern string if it ends with an open bracket (`[`) but instead it\nwill continue reading the heap beyond the end of the URL buffer that\nholds the wildcard.\nFor applications that use HTTP(S) URLs, allow libcurl to handle\nredirects and have FTP wildcards enabled, this flaw can be triggered by\nmalicious servers that can redirect clients to a URL using such a\nwildcard pattern.\n\n- CVE-2017-8818 (arbitrary code execution)\n\nAn out-of-bounds flaw has been found in the SSL related code of libcurl\n><i>= 7.56.0 and < 7.57.0. When allocating memory for a connection (the\n</I>internal struct called connectdata), a certain amount of memory is\nallocated at the end of the struct to be used for SSL related structs.\nThose structs are used by the particular SSL library libcurl is built\nto use. The application can also tell libcurl which specific SSL\nlibrary to use if it was built to support more than one. The math used\nto calculate the extra memory amount necessary for the SSL library was\nwrong on 32 bit systems, which made the allocated memory too small by 4\nbytes. The last struct member of the last object within the memory area\ncould then be outside of what was allocated. Accessing that member\ncould lead to a crash or other undefined behaviors depending on what\nmemory that is present there and how the particular SSL library decides\nto act on that memory content.\nSpecifically the vulnerability is present if libcurl was built so that\nsizeof(long long *) < sizeof(long long) which as far as we are aware\nonly happens in 32-bit builds.\n\nImpact\n======\n\nA remote attacker is able to crash the application, possibly disclose\nsensitive information or execute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://curl.haxx.se/docs/adv_2017-11e7.html\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\nhttps://curl.haxx.se/docs/adv_2017-af0a.html\nhttps://curl.haxx.se/CVE-2017-8816.patch\nhttps://github.com/curl/curl/commit/7f2a1df6f5fc598750b2c6f34465c8d924db28cc\nhttps://curl.haxx.se/CVE-2017-8817.patch\nhttps://github.com/curl/curl/commit/0b664ba968437715819bfe4c7ada5679d16ebbc3\nhttps://curl.haxx.se/CVE-2017-8818.patch\nhttps://github.com/curl/curl/commit/9b5e12a5491d2e6b68e0c88ca56f3a9ef9fba400\nhttps://security.archlinux.org/CVE-2017-8816\nhttps://security.archlinux.org/CVE-2017-8817\nhttps://security.archlinux.org/CVE-2017-8818", "modified": "2017-11-30T00:00:00", "published": "2017-11-30T00:00:00", "id": "ASA-201711-38", "href": "https://security.archlinux.org/ASA-201711-38", "type": "archlinux", "title": "[ASA-201711-38] lib32-libcurl-compat: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:49", "bulletinFamily": "software", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nAlex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. ([CVE-2017-8816](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8816>))\n\nIt was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. ([CVE-2017-8817](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8817>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3421.x versions prior to 3421.34\n * 3445.x versions prior to 3445.19\n * 3468.x versions prior to 3468.13\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.171.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3421.x versions prior to 3421.34\n * Upgrade 3445.x versions prior to 3445.19\n * Upgrade 3468.x versions prior to 3468.13\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.171.0 or later.\n\n# References\n\n * [USN-3498-1](<http://www.ubuntu.com/usn/usn-3498-1/>)\n * [CVE-2017-8816](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8816>)\n * [CVE-2017-8817](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8817>)\n", "edition": 5, "modified": "2017-12-14T00:00:00", "published": "2017-12-14T00:00:00", "id": "CFOUNDRY:B92BE0D66798E831F55CF2D88AA976E4", "href": "https://www.cloudfoundry.org/blog/usn-3498-1/", "title": "USN-3498-1: curl vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:12", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817", "CVE-2017-8816"], "description": "**Issue Overview:**\n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. ([CVE-2017-8816 __](<https://access.redhat.com/security/cve/CVE-2017-8816>))\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an \"[\" character. ([CVE-2017-8817 __](<https://access.redhat.com/security/cve/CVE-2017-8817>))\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n curl-debuginfo-7.53.1-13.80.amzn1.i686 \n curl-7.53.1-13.80.amzn1.i686 \n libcurl-7.53.1-13.80.amzn1.i686 \n libcurl-devel-7.53.1-13.80.amzn1.i686 \n \n src: \n curl-7.53.1-13.80.amzn1.src \n \n x86_64: \n libcurl-7.53.1-13.80.amzn1.x86_64 \n curl-7.53.1-13.80.amzn1.x86_64 \n libcurl-devel-7.53.1-13.80.amzn1.x86_64 \n curl-debuginfo-7.53.1-13.80.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2018-01-03T08:22:00", "published": "2018-01-03T08:22:00", "id": "ALAS-2018-938", "href": "https://alas.aws.amazon.com/ALAS-2018-938.html", "title": "Medium: curl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:24", "bulletinFamily": "unix", "cvelist": ["CVE-2019-3823", "CVE-2018-16840", "CVE-2017-8817", "CVE-2017-1000254", "CVE-2018-16890", "CVE-2017-8818", "CVE-2017-8816", "CVE-2017-1000257", "CVE-2019-3822", "CVE-2018-20483", "CVE-2018-16839", "CVE-2018-16842"], "description": "**Issue Overview:**\n\nlibcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.([CVE-2018-16890 __](<https://access.redhat.com/security/cve/CVE-2018-16890>)) \n\nThe NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.([CVE-2017-8816 __](<https://access.redhat.com/security/cve/CVE-2017-8816>))\n\ncurl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.([CVE-2017-8818 __](<https://access.redhat.com/security/cve/CVE-2017-8818>))\n\nlibcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.([CVE-2017-1000254 __](<https://access.redhat.com/security/cve/CVE-2017-1000254>))\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.([CVE-2018-16842 __](<https://access.redhat.com/security/cve/CVE-2018-16842>))\n\nlibcurl is vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.([CVE-2019-3822 __](<https://access.redhat.com/security/cve/CVE-2019-3822>))\n\nlibcurl is vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.([CVE-2019-3823 __](<https://access.redhat.com/security/cve/CVE-2019-3823>))\n\nThe FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.([CVE-2017-8817 __](<https://access.redhat.com/security/cve/CVE-2017-8817>))\n\nset_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.([CVE-2018-20483 __](<https://access.redhat.com/security/cve/CVE-2018-20483>))\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.([CVE-2017-1000257 __](<https://access.redhat.com/security/cve/CVE-2017-1000257>))\n\nA heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.([CVE-2018-16840 __](<https://access.redhat.com/security/cve/CVE-2018-16840>))\n\nCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.([CVE-2018-16839 __](<https://access.redhat.com/security/cve/CVE-2018-16839>))\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n curl-7.61.1-9.amzn2.0.1.aarch64 \n libcurl-7.61.1-9.amzn2.0.1.aarch64 \n libcurl-devel-7.61.1-9.amzn2.0.1.aarch64 \n curl-debuginfo-7.61.1-9.amzn2.0.1.aarch64 \n \n i686: \n curl-7.61.1-9.amzn2.0.1.i686 \n libcurl-7.61.1-9.amzn2.0.1.i686 \n libcurl-devel-7.61.1-9.amzn2.0.1.i686 \n curl-debuginfo-7.61.1-9.amzn2.0.1.i686 \n \n src: \n curl-7.61.1-9.amzn2.0.1.src \n \n x86_64: \n curl-7.61.1-9.amzn2.0.1.x86_64 \n libcurl-7.61.1-9.amzn2.0.1.x86_64 \n libcurl-devel-7.61.1-9.amzn2.0.1.x86_64 \n curl-debuginfo-7.61.1-9.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2019-02-16T00:34:00", "published": "2019-02-16T00:34:00", "id": "ALAS2-2019-1162", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1162.html", "title": "Medium: curl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8816", "CVE-2017-8817"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2017-12-09T22:30:25", "published": "2017-12-09T22:30:25", "id": "FEDORA:4813E602F5BE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: curl-7.53.1-13.fc26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8816", "CVE-2017-8817"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2017-12-10T05:11:43", "published": "2017-12-10T05:11:43", "id": "FEDORA:597806048158", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: curl-7.55.1-8.fc27", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-100025", "CVE-2017-1000254", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000005", "CVE-2018-1000007", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2018-05-23T16:00:01", "published": "2018-05-23T16:00:01", "id": "FEDORA:5C8E66094E72", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: curl-7.55.1-11.fc27", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-100025", "CVE-2017-1000254", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000005", "CVE-2018-1000007", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-14618"], "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2018-09-20T18:18:52", "published": "2018-09-20T18:18:52", "id": "FEDORA:87D78601E81F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: curl-7.55.1-14.fc27", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:35:59", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818"], "description": "New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/curl-7.57.0-i586-1_slack14.2.txz: Upgraded.\n This update fixes security issues:\n SSL out of buffer access\n FTP wildcard out of bounds read\n NTLM buffer overflow via integer overflow\n For more information, see:\n https://curl.haxx.se/docs/adv_2017-af0a.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8818\n https://curl.haxx.se/docs/adv_2017-ae72.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817\n https://curl.haxx.se/docs/adv_2017-12e7.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.57.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.57.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.57.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.57.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.57.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.57.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.57.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.57.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n7c750d73de3caae6f3693579a9a25b45 curl-7.57.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\na245fa675fe688226b90349be45322e5 curl-7.57.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nc46af409ba23f04b69113627f3bc14b1 curl-7.57.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne96ddc21d8a897a01ceead8a1b152263 curl-7.57.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\ne60a7329e5fd1abc04224b354815b65c curl-7.57.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n756715e1058e23532b306f54de78e7fd curl-7.57.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nb0b045936f944c26494aacc976981fd2 n/curl-7.57.0-i586-1.txz\n\nSlackware x86_64 -current package:\nd22d333d371dabdd6befe92d41c1e439 n/curl-7.57.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg curl-7.57.0-i586-1_slack14.2.txz", "modified": "2017-11-29T22:40:18", "published": "2017-11-29T22:40:18", "id": "SSA-2017-333-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.440895", "type": "slackware", "title": "[slackware-security] curl", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:05", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817", "CVE-2017-8818", "CVE-2017-8816"], "description": "\nThe cURL project reports:\n\nNTLM buffer overflow via integer overflow\n\t (CVE-2017-8816)libcurl contains a buffer overrun flaw\n\t in the NTLM authentication code.\n\t The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up\n\t the lengths of the user name + password (= SUM) and multiplies\n\t the sum by two (= SIZE) to figure out how large storage to\n\t allocate from the heap.\nFTP wildcard out of bounds read (CVE-2017-8817)\n\t libcurl contains a read out of bounds flaw in the FTP wildcard\n\t function.\n\t libcurl's FTP wildcard matching feature, which is enabled with\n\t the CURLOPT_WILDCARDMATCH option can use a built-in wildcard\n\t function or a user provided one. The built-in wildcard function\n\t has a flaw that makes it not detect the end of the pattern\n\t string if it ends with an open bracket ([) but instead it will\n\t continue reading the heap beyond the end of the URL buffer that\n\t holds the wildcard.\nSSL out of buffer access (CVE-2017-8818)\n\t libcurl contains an out boundary access flaw in SSL related code.\n\t When allocating memory for a connection (the internal struct\n\t called connectdata), a certain amount of memory is allocated at\n\t the end of the struct to be used for SSL related structs. Those\n\t structs are used by the particular SSL library libcurl is built\n\t to use. The application can also tell libcurl which specific SSL\n\t library to use if it was built to support more than one.\n\t \n\n", "edition": 6, "modified": "2017-12-11T00:00:00", "published": "2017-11-29T00:00:00", "id": "301A01B7-D50E-11E7-AC58-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/301a01b7-d50e-11e7-ac58-b499baebfeaf.html", "title": "cURL -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2017-12-14T23:35:27", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8817", "CVE-2017-1000254", "CVE-2017-8818", "CVE-2017-8816", "CVE-2017-1000257"], "description": "### Background\n\nA command line tool and library for transferring data with URLs.\n\n### Description\n\nMultiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers could cause a Denial of Service condition, disclose sensitive information or other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll cURL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/curl-7.57.0\"", "edition": 1, "modified": "2017-12-14T00:00:00", "published": "2017-12-14T00:00:00", "href": "https://security.gentoo.org/glsa/201712-04", "id": "GLSA-201712-04", "title": "cURL: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "apple": [{"lastseen": "2020-12-24T20:44:37", "bulletinFamily": "software", "cvelist": ["CVE-2017-5754", "CVE-2018-4083", "CVE-2018-4100", "CVE-2018-4092", "CVE-2018-4082", "CVE-2018-4091", "CVE-2018-4147", "CVE-2017-13889", "CVE-2017-8817", "CVE-2017-5708", "CVE-2018-4298", "CVE-2018-4093", "CVE-2018-4086", "CVE-2017-5705", "CVE-2018-4169", "CVE-2017-8816", "CVE-2018-4098", "CVE-2018-4088", "CVE-2018-4094", "CVE-2018-4096", "CVE-2018-4084", "CVE-2018-4097", "CVE-2018-4089", "CVE-2018-4090", "CVE-2017-7830", "CVE-2018-4085", "CVE-2018-4189"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan\n\nReleased January 23, 2018\n\n**Audio**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4094: Mingi Cho, Seoyoung Kim, Young-Ho Lee, MinSik Shin and Taekyoung Kwon of the Information Security Lab, Yonsei University\n\nEntry updated November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Multiple issues in curl\n\nDescription: An integer overflow existed in curl. This issue was addressed with improved bounds checking.\n\nCVE-2017-8816: Alex Nichols\n\nEntry added November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Multiple issues in curl\n\nDescription: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.\n\nCVE-2017-8817: found by OSS-Fuzz\n\nEntry updated November 16, 2018\n\n**EFI**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nDescription: Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. \n\nCVE-2017-5705: Mark Ermolov and Maxim Goryachy from Positive Technologies\n\nEntry added January 30, 2018\n\n**EFI**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nDescription: Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.\n\nCVE-2017-5708: Mark Ermolov and Maxim Goryachy from Positive Technologies\n\nEntry added January 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4098: Siguza\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read kernel memory (Meltdown)\n\nDescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.\n\nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4090: Jann Horn of Google Project Zero\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to read restricted memory\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2018-4092: Stefan Esser of Antid0te UG\n\nEntry updated February 8, 2018, updated November 16, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4082: Russ Cox of Google\n\nEntry updated November 16, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4097: Resecurity, Inc.\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4093: Jann Horn of Google Project Zero\n\n**Kernel**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.2\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4189: an anonymous researcher\n\nEntry added May 2, 2018\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4169: an anonymous researcher\n\nEntry added May 2, 2018, updated November 16, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4100: Abraham Masri @cheesecakeufo\n\nEntry updated November 16, 2018\n\n**QuartzCore**\n\nAvailable for: OS X El Capitan 10.11.6, macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of web content. This issue was addressed with improved input validation.\n\nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative\n\nEntry updated November 16, 2018\n\n**Remote Management**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: A remote user may be able to gain root privileges\n\nDescription: A permissions issue existed in Remote Management. This issue was addressed through improved permission validation.\n\nCVE-2018-4298: Tim van der Werff of SupCloud\n\nEntry added July 19, 2018\n\n**Sandbox**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2018-4091: Alex Gaynor of Mozilla\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: A certificate may have name constraints applied incorrectly\n\nDescription: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.\n\nCVE-2018-4086: Ian Haken of Netflix\n\nEntry updated November 16, 2018\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: An attacker may be able to bypass administrator authentication without supplying the administrator\u2019s password\n\nDescription: A logic error existed in the validation of credentials. This was addressed with improved credential validation.\n\nCVE-2017-13889: Glenn G. Bruckno, P.E. of Automation Engineering, James Barnes, Kevin Manca of Computer Engineering Politecnico di Milano, Rene Malenfant of University of New Brunswick\n\nEntry added June 21, 2018\n\n**Touch Bar Support**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4083: Ian Beer of Google Project Zero\n\nEntry added February 9, 2018\n\n**WebKit**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4088: Jeonghoon Shin of Theori\n\nCVE-2018-4089: Ivan Fratric of Google Project Zero\n\nCVE-2018-4096: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4147: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\n**WebKit Page Loading**\n\nAvailable for: macOS High Sierra 10.13.2\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7830: Jun Kokatsu (@shhnjk)\n\nEntry added October 18, 2018\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4084: Hyung Sup Lee of Minionz, You Chan Lee of Hanyang University\n", "edition": 2, "modified": "2018-11-17T12:29:37", "published": "2018-11-17T12:29:37", "id": "APPLE:HT208465", "href": "https://support.apple.com/kb/HT208465", "title": "About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-9586", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-15710", "CVE-2017-15715", "CVE-2017-7407", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301", "CVE-2018-11763", "CVE-2018-1283", "CVE-2018-1301", "CVE-2018-1303", "CVE-2018-1312", "CVE-2018-1333", "CVE-2018-14618"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nThe following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.34), httpd24-curl (7.61.1). (BZ#1590833, BZ#1648928)\n\nSecurity Fix(es):\n\n* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)\n\n* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)\n\n* httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)\n\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763)\n\n* httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)\n\n* httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)\n\n* httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)\n\n* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)\n\n* curl: Multiple security issues were fixed in httpd24-curl (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301, CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Curl project for reporting CVE-2017-8816, CVE-2017-8817, CVE-2017-1000254, CVE-2017-1000257, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-1000301, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2018-14618, and CVE-2018-1000121. Upstream acknowledges Alex Nichols as the original reporter of CVE-2017-8816; the OSS-Fuzz project as the original reporter of CVE-2017-8817 and CVE-2018-1000301; Max Dymond as the original reporter of CVE-2017-1000254 and CVE-2018-1000122; Brian Carpenter and the OSS-Fuzz project as the original reporters of CVE-2017-1000257; Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Even Rouault as the original reporter of CVE-2017-1000100; Brian Carpenter as the original reporter of CVE-2017-1000101; Zhaoyang Wu as the original reporter of CVE-2018-14618; and Dario Weisser as the original reporter of CVE-2018-1000121.\n\nBug Fix(es):\n\n* Previously, the Apache HTTP Server from the httpd24 Software Collection was unable to handle situations when static content was repeatedly requested in a browser by refreshing the page. As a consequence, HTTP/2 connections timed out and httpd became unresponsive. This bug has been fixed, and HTTP/2 connections now work as expected in the described scenario. (BZ#1518737)\n\nEnhancement(s):\n\n* This update adds the mod_md module to the httpd24 Software Collection. This module enables managing domains across virtual hosts and certificate provisioning using the Automatic Certificate Management Environment (ACME) protocol. The mod_md module is available only for Red Hat Enterprise Linux 7. (BZ#1640722)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Software Collections 3.2 Release Notes linked from the References section.", "modified": "2018-11-13T13:04:35", "published": "2018-11-13T13:00:33", "id": "RHSA-2018:3558", "href": "https://access.redhat.com/errata/RHSA-2018:3558", "type": "redhat", "title": "(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
