ID DEBIAN:DSA-2398-1:A6208 Type debian Reporter Debian Modified 2012-01-30T20:06:44
Description
Debian Security Advisory DSA-2398-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 30, 2012                       http://www.debian.org/security/faq

Package        : curl
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3389 CVE-2012-0036

Several vulnerabilities have been discovered in Curl, an URL transfer
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2011-3389

   This update enables OpenSSL workarounds against the "BEAST" attack.
   Additional information can be found in the Curl advisory:
   http://curl.haxx.se/docs/adv_20120124B.html

CVE-2012-0036

   Dan Fandrich discovered that Curl performs insufficient sanitising
   when extracting the file path part of an URL.

For the oldstable distribution (lenny), this problem has been fixed in
version 7.18.2-8lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 7.21.0-2.1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 7.24.0-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in cURL, the worst of\n which might allow remote execution of arbitrary code.\");\n script_tag(name:\"solution\", value:\"All cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.24.0'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-02\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=308645\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373235\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=400799\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201203-02.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/curl\", unaffected: make_list(\"ge 7.24.0\"), vulnerable: make_list(\"lt 7.24.0\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3389", "CVE-2010-0734", "CVE-2012-0036", "CVE-2011-2192"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201203-02.", "modified": "2017-07-07T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:71186", "href": "http://plugins.openvas.org/nasl.php?oid=71186", "type": "openvas", "title": 
"Gentoo Security Advisory GLSA 201203-02 (cURL)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in cURL, the worst of\n which might allow remote execution of arbitrary code.\";\ntag_solution = \"All cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.24.0'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201203-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=308645\nhttp://bugs.gentoo.org/show_bug.cgi?id=373235\nhttp://bugs.gentoo.org/show_bug.cgi?id=400799\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201203-02.\";\n\n \n \nif(description)\n{\n script_id(71186);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-0734\", 
\"CVE-2011-2192\", \"CVE-2011-3389\", \"CVE-2012-0036\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:35 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201203-02 (cURL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-misc/curl\", unaffected: make_list(\"ge 7.24.0\"), vulnerable: make_list(\"lt 7.24.0\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:19:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0036"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1346-1", "modified": "2017-12-01T00:00:00", "published": "2012-01-25T00:00:00", "id": "OPENVAS:840876", "href": "http://plugins.openvas.org/nasl.php?oid=840876", "type": "openvas", "title": "Ubuntu Update for curl USN-1346-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1346_1.nasl 7960 2017-12-01 
06:58:16Z santu $\n#\n# Ubuntu Update for curl USN-1346-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Fandrich discovered that curl incorrectly handled URLs containing\n embedded or percent-encoded control characters. 
If a user or automated\n system were tricked into processing a specially crafted URL, arbitrary\n data could be injected.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1346-1\";\ntag_affected = \"curl on Ubuntu 11.04 ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1346-1/\");\n script_id(840876);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-25 11:16:25 +0530 (Wed, 25 Jan 2012)\");\n script_cve_id(\"CVE-2012-0036\");\n script_xref(name: \"USN\", value: \"1346-1\");\n script_name(\"Ubuntu Update for curl USN-1346-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-1ubuntu1.3\", 
rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.3-1ubuntu1.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.3-1ubuntu1.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.21.3-1ubuntu1.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:06:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0036"], "description": "Check for the Version of curl", "modified": "2018-01-10T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:863872", "href": "http://plugins.openvas.org/nasl.php?oid=863872", "type": "openvas", "title": "Fedora Update for curl FEDORA-2012-0894", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2012-0894\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"curl on Fedora 16\";\ntag_insight = \"curl is a command line tool for transferring data with URL syntax, supporting\n FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\n SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\n uploading, HTTP form based upload, proxies, cookies, user+password\n authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\n resume, proxy tunneling and a busload of other useful tricks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072531.html\");\n script_id(863872);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:27:15 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0036\");\n script_xref(name: \"FEDORA\", value: \"2012-0894\");\n script_name(\"Fedora Update for curl FEDORA-2012-0894\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.21.7~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0036"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1346-1", "modified": "2019-03-13T00:00:00", "published": "2012-01-25T00:00:00", "id": "OPENVAS:1361412562310840876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840876", "type": "openvas", "title": "Ubuntu Update for curl USN-1346-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1346_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for curl USN-1346-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1346-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840876\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-25 11:16:25 +0530 (Wed, 25 Jan 2012)\");\n script_cve_id(\"CVE-2012-0036\");\n script_xref(name:\"USN\", value:\"1346-1\");\n script_name(\"Ubuntu Update for curl USN-1346-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1346-1\");\n script_tag(name:\"affected\", value:\"curl on Ubuntu 11.04,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Fandrich discovered that curl incorrectly handled URLs containing\n embedded or percent-encoded control characters. 
If a user or automated\n system were tricked into processing a specially crafted URL, arbitrary\n data could be injected.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.3-1ubuntu1.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.3-1ubuntu1.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.21.3-1ubuntu1.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0036"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863872", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863872", "type": "openvas", "title": "Fedora Update for curl FEDORA-2012-0894", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2012-0894\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072531.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863872\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:27:15 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0036\");\n script_xref(name:\"FEDORA\", value:\"2012-0894\");\n script_name(\"Fedora Update for curl FEDORA-2012-0894\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"curl on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.21.7~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T11:53:38", "description": "Multiple vulnerabilities has been found and corrected in curl :\n\ncurl is vulnerable to a SSL CBC IV vulnerability when built to use\nOpenSSL for the SSL/TLS layer. A work-around has been added to\nmitigate the problem (CVE-2011-3389).\n\ncurl is vulnerable to a data injection attack for certain protocols\nthrough control characters embedded or percent-encoded in URLs\n(CVE-2012-0036).\n\nThe updated packages have been patched to correct these issues.", "edition": 26, "published": "2012-04-16T00:00:00", "title": "Mandriva Linux Security Advisory : curl (MDVSA-2012:058)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2012-04-16T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libcurl4", "p-cpe:/a:mandriva:linux:lib64curl-devel", "p-cpe:/a:mandriva:linux:lib64curl4", "p-cpe:/a:mandriva:linux:curl", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:curl-examples", "p-cpe:/a:mandriva:linux:libcurl-devel"], "id": "MANDRIVA_MDVSA-2012-058.NASL", "href": "https://www.tenable.com/plugins/nessus/58759", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:058. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58759);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0036\");\n script_bugtraq_id(49778, 51665);\n script_xref(name:\"MDVSA\", value:\"2012:058\");\n\n script_name(english:\"Mandriva Linux Security Advisory : curl (MDVSA-2012:058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in curl :\n\ncurl is vulnerable to a SSL CBC IV vulnerability when built to use\nOpenSSL for the SSL/TLS layer. 
A work-around has been added to\nmitigate the problem (CVE-2011-3389).\n\ncurl is vulnerable to a data injection attack for certain protocols\nthrough control characters embedded or percent-encoded in URLs\n(CVE-2012-0036).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2012-0036.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://curl.haxx.se/docs/adv_20120124B.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/manpage.html#--ssl-allow-beast\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLOPTIONS\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://thread.gmane.org/gmane.comp.web.curl.library/34659\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"curl-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"curl-examples-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64curl-devel-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64curl4-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libcurl-devel-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libcurl4-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\n\nif 
(rpm_check(release:\"MDK2011\", reference:\"curl-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"curl-examples-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64curl-devel-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64curl4-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libcurl-devel-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libcurl4-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:47:14", "description": "Several vulnerabilities have been discovered in cURL, an URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2011-3389\n This update enables OpenSSL workarounds against the\n 'BEAST' attack. 
Additional information can be found in\n the cURL advisory\n\n - CVE-2012-0036\n Dan Fandrich discovered that cURL performs insufficient\n sanitising when extracting the file path part of an URL.", "edition": 18, "published": "2012-01-31T00:00:00", "title": "Debian DSA-2398-2 : curl - several vulnerabilities (BEAST)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2012-01-31T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:curl"], "id": "DEBIAN_DSA-2398.NASL", "href": "https://www.tenable.com/plugins/nessus/57738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57738);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0036\");\n script_bugtraq_id(49388, 49778, 51665);\n script_xref(name:\"DSA\", value:\"2398\");\n\n script_name(english:\"Debian DSA-2398-2 : curl - several vulnerabilities (BEAST)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in cURL, an URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2011-3389\n This update enables OpenSSL workarounds against the\n 'BEAST' attack. 
Additional information can be found in\n the cURL advisory\n\n - CVE-2012-0036\n Dan Fandrich discovered that cURL performs insufficient\n sanitising when extracting the file path part of an URL.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3389\"\n );\n # http://curl.haxx.se/docs/adv_20120124B.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://curl.haxx.se/docs/CVE-2011-3389.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2398\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny6.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/31\");\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"curl\", reference:\"7.18.2-8lenny6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"curl\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3-dbg\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3-gnutls\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:25:44", "description": " - Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452,\n CVE-2012-0036)\n\n - Disable 
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option\n when built against an older OpenSSL version\n (CVE-2010-4180).\n\n - Don't enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\n (bnc#742306, CVE-2011-3389).", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4180", "CVE-2011-3389", "CVE-2012-0036"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:libcurl4-32bit"], "id": "OPENSUSE-2012-76.NASL", "href": "https://www.tenable.com/plugins/nessus/74807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-76.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74807);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4180\", \"CVE-2011-3389\", \"CVE-2012-0036\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)\");\n script_summary(english:\"Check for the openSUSE-2012-76 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452,\n CVE-2012-0036)\n\n - Disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option\n when built against an older OpenSSL version\n 
(CVE-2010-4180).\n\n - Don't enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\n (bnc#742306, CVE-2011-3389).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742306\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"curl-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"curl-debuginfo-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libcurl-devel-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libcurl4-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libcurl4-debuginfo-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.22.0-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl-devel / libcurl4-32bit / libcurl4 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:36:05", "description": "The following vulnerabilities have been fixed in curl :\n\n - IMAP, POP3 and SMTP URL sanitization vulnerability\n (CVE-2012-0036)\n\n - disable 
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\n (CVE-2011-3389)\n\n - disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option\n for older openssl versions (CVE-2010-4180)", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4180", "CVE-2011-3389", "CVE-2012-0036"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:libcurl4-32bit"], "id": "SUSE_11_4_CURL-120124.NASL", "href": "https://www.tenable.com/plugins/nessus/75806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update curl-5702.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75806);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-4180\", \"CVE-2011-3389\", \"CVE-2012-0036\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)\");\n script_summary(english:\"Check for the curl-5702 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities have been fixed in curl :\n\n - IMAP, POP3 and SMTP URL sanitization vulnerability\n (CVE-2012-0036)\n\n - disable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\n (CVE-2011-3389)\n\n - disable 
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option\n for older openssl versions (CVE-2010-4180)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00032.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"curl-7.21.2-10.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"curl-debuginfo-7.21.2-10.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libcurl-devel-7.21.2-10.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libcurl4-7.21.2-10.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libcurl4-debuginfo-7.21.2-10.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.21.2-10.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.21.2-10.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl 
/ libcurl-devel / libcurl4 / libcurl4-32bit / curl-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:53:29", "description": "The remote host is affected by the vulnerability described in GLSA-201203-02\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in cURL:\n When zlib is enabled, the amount of data sent to an application for\n automatic decompression is not restricted (CVE-2010-0734).\n When performing GSSAPI authentication, credential delegation is\n always used (CVE-2011-2192).\n When SSL is enabled, cURL improperly disables the OpenSSL workaround\n to mitigate an information disclosure vulnerability in the SSL and TLS\n protocols (CVE-2011-3389).\n libcurl does not properly verify file paths for escape control\n characters in IMAP, POP3 or SMTP URLs (CVE-2012-0036).\n \nImpact :\n\n A remote attacker could entice a user or automated process to open a\n specially crafted file or URL using cURL, possibly resulting in the\n remote execution of arbitrary code, a Denial of Service condition,\n disclosure of sensitive information, or unwanted actions performed via\n the IMAP, POP3 or SMTP protocols. 
Furthermore, remote servers may be able\n to impersonate clients via GSSAPI requests.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-03-06T00:00:00", "title": "GLSA-201203-02 : cURL: Multiple vulnerabilities (BEAST)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3389", "CVE-2010-0734", "CVE-2012-0036", "CVE-2011-2192"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:curl"], "id": "GENTOO_GLSA-201203-02.NASL", "href": "https://www.tenable.com/plugins/nessus/58212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58212);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0734\", \"CVE-2011-2192\", \"CVE-2011-3389\", \"CVE-2012-0036\");\n script_bugtraq_id(38162, 48434, 49778, 51665);\n script_xref(name:\"GLSA\", value:\"201203-02\");\n\n script_name(english:\"GLSA-201203-02 : cURL: Multiple vulnerabilities (BEAST)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-02\n(cURL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in cURL:\n When zlib is enabled, the 
amount of data sent to an application for\n automatic decompression is not restricted (CVE-2010-0734).\n When performing GSSAPI authentication, credential delegation is\n always used (CVE-2011-2192).\n When SSL is enabled, cURL improperly disables the OpenSSL workaround\n to mitigate an information disclosure vulnerability in the SSL and TLS\n protocols (CVE-2011-3389).\n libcurl does not properly verify file paths for escape control\n characters in IMAP, POP3 or SMTP URLs (CVE-2012-0036).\n \nImpact :\n\n A remote attacker could entice a user or automated process to open a\n specially crafted file or URL using cURL, possibly resulting in the\n remote execution of arbitrary code, a Denial of Service condition,\n disclosure of sensitive information, or unwanted actions performed via\n the IMAP, POP3 or SMTP protocols. Furthermore, remote servers may be able\n to impersonate clients via GSSAPI requests.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All cURL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/curl-7.24.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/curl\", unaffected:make_list(\"ge 7.24.0\"), vulnerable:make_list(\"lt 7.24.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cURL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:51", "description": "reject URLs containing bad data (CVE-2012-0036)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-01-30T00:00:00", "title": "Fedora 16 : curl-7.21.7-6.fc16 (2012-0894)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0036"], "modified": "2012-01-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:curl"], "id": "FEDORA_2012-0894.NASL", "href": "https://www.tenable.com/plugins/nessus/57719", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0894.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57719);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0036\");\n script_bugtraq_id(51665);\n script_xref(name:\"FEDORA\", value:\"2012-0894\");\n\n script_name(english:\"Fedora 16 : curl-7.21.7-6.fc16 (2012-0894)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"reject URLs containing bad data (CVE-2012-0036)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773457\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072531.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f90ccf0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"curl-7.21.7-6.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:51", "description": "reject URLs containing bad data (CVE-2012-0036)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-02-13T00:00:00", "title": "Fedora 15 : curl-7.21.3-13.fc15 (2012-0888)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0036"], "modified": "2012-02-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-0888.NASL", "href": "https://www.tenable.com/plugins/nessus/57897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0888.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57897);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0036\");\n script_bugtraq_id(51665);\n script_xref(name:\"FEDORA\", value:\"2012-0888\");\n\n script_name(english:\"Fedora 15 : curl-7.21.3-13.fc15 (2012-0888)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"reject URLs containing bad data (CVE-2012-0036)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=773457\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073162.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0fc804d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"curl-7.21.3-13.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:14:02", "description": "This update to curl fixes the following security issue :\n\n - Don't set SSL_OP_ALL to avoid potential DTLS sniffing\n attacks. 
(CVE-2012-0036)", "edition": 18, "published": "2012-02-06T00:00:00", "title": "SuSE 10 Security Update : curl (ZYPP Patch Number 7937)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0036"], "modified": "2012-02-06T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CURL-7937.NASL", "href": "https://www.tenable.com/plugins/nessus/57842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57842);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0036\");\n\n script_name(english:\"SuSE 10 Security Update : curl (ZYPP Patch Number 7937)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to curl fixes the following security issue :\n\n - Don't set SSL_OP_ALL to avoid potential DTLS sniffing\n attacks. 
(CVE-2012-0036)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0036.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7937.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"curl-7.15.1-19.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"curl-devel-7.15.1-19.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"curl-32bit-7.15.1-19.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, 
reference:\"curl-7.15.1-19.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"curl-devel-7.15.1-19.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"curl-32bit-7.15.1-19.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:23:16", "description": "Dan Fandrich discovered that curl incorrectly handled URLs containing\nembedded or percent-encoded control characters. If a user or automated\nsystem were tricked into processing a specially crafted URL, arbitrary\ndata could be injected.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2012-01-25T00:00:00", "title": "Ubuntu 10.10 / 11.04 / 11.10 : curl vulnerability (USN-1346-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0036"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls"], "id": "UBUNTU_USN-1346-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57689", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1346-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57689);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-0036\");\n script_xref(name:\"USN\", value:\"1346-1\");\n\n script_name(english:\"Ubuntu 10.10 / 11.04 / 11.10 : curl vulnerability (USN-1346-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Fandrich discovered that curl incorrectly handled URLs containing\nembedded or percent-encoded control characters. If a user or automated\nsystem were tricked into processing a specially crafted URL, arbitrary\ndata could be injected.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1346-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libcurl3, libcurl3-gnutls and / or libcurl3-nss\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcurl3\", pkgver:\"7.21.0-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.21.0-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libcurl3\", pkgver:\"7.21.3-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.21.3-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.21.3-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libcurl3\", pkgver:\"7.21.6-3ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.21.6-3ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.21.6-3ubuntu3.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcurl3 / libcurl3-gnutls / libcurl3-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:07:49", "description": " - Added a patch to fix errors in the pkcs11n.h header\n file. (bmo#702090)\n\n - update to 3.13.1 RTM\n\n - better SHA-224 support (bmo#647706)\n\n - fixed a regression (causing hangs in some situations)\n introduced in 3.13 (bmo#693228)\n\n - update to 3.13.0 RTM\n\n - SSL 2.0 is disabled by default\n\n - A defense against the SSL 3.0 and TLS 1.0 CBC chosen\n plaintext attack demonstrated by Rizzo and Duong\n (CVE-2011-3389) is enabled by default. Set the\n SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n\n - SHA-224 is supported\n\n - Ported to iOS. (Requires NSPR 4.9.)\n\n - Added PORT_ErrorToString and PORT_ErrorToName to return\n the error message and symbolic name of an NSS error code\n\n - Added NSS_GetVersion to return the NSS version string\n\n - Added experimental support of RSA-PSS to the softoken\n only\n\n - NSS_NoDB_Init does not try to open /pkcs11.txt and\n /secmod.db anymore (bmo#641052, bnc#726096)", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3389"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", 
"p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel"], "id": "OPENSUSE-2011-100.NASL", "href": "https://www.tenable.com/plugins/nessus/74514", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2011-100.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74514);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3389\");\n\n script_name(english:\"openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)\");\n script_summary(english:\"Check for the openSUSE-2011-100 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Added a patch to fix errors in the pkcs11n.h header\n file. 
(bmo#702090)\n\n - update to 3.13.1 RTM\n\n - better SHA-224 support (bmo#647706)\n\n - fixed a regression (causing hangs in some situations)\n introduced in 3.13 (bmo#693228)\n\n - update to 3.13.0 RTM\n\n - SSL 2.0 is disabled by default\n\n - A defense against the SSL 3.0 and TLS 1.0 CBC chosen\n plaintext attack demonstrated by Rizzo and Duong\n (CVE-2011-3389) is enabled by default. Set the\n SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n\n - SHA-224 is supported\n\n - Ported to iOS. (Requires NSPR 4.9.)\n\n - Added PORT_ErrorToString and PORT_ErrorToName to return\n the error message and symbolic name of an NSS error code\n\n - Added NSS_GetVersion to return the NSS version string\n\n - Added experimental support of RSA-PSS to the softoken\n only\n\n - NSS_NoDB_Init does not try to open /pkcs11.txt and\n /secmod.db anymore (bmo#641052, bnc#726096)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726096\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-nss packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", 
reference:\"mozilla-nss-debugsource-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libfreebl3 / libfreebl3-32bit / libfreebl3-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "f5": [{"lastseen": "2020-04-06T22:39:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-3389", "CVE-2012-1870"], "description": "\nF5 Product Development has assigned ID 368796 (BIG-IP and Enterprise Manager), ID 677660 (BIG-IQ), ID 677978 (F5 iWorkflow), ID 369724 (FirePass), and ID 376745 (ARX) to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 9.0.0 - 9.4.8 \n10.0.0 - 10.2.2 \n*10.2.3 - 10.2.4 \n*11.0.0 - 12.1.3 \n*13.0.0 - 13.1.0 | None | Configuration utility \nSSL virtual servers \nBIG-IP GTM | 9.2.2 - 9.4.8 \n10.0.0 - 10.2.2 \n*10.2.3 - 10.2.4 \n*11.0.0 - 11.6.0 | None | Configuration utility \nSSL virtual servers \nBIG-IP DNS | *12.0.0 - 12.1.3 \n*13.0.0 - 13.1.0 | None | Configuration utility \nSSL virtual servers \nBIG-IP ASM | 9.2.0 - 9.4.8 \n10.0.0 - 10.2.2 \n*10.2.3 - 10.2.4 \n*11.0.0 - 12.1.3 \n*13.0.0 - 13.1.0 | None | Configuration utility \nSSL virtual servers \nBIG-IP Link Controller | 9.2.2 - 9.4.8 \n10.0.0 - 10.2.2 \n*10.2.3 - 10.2.4 \n*11.0.0 - 12.1.3 \n*13.0.0 - 13.1.0 | None | Configuration utility \nSSL virtual servers \nBIG-IP WebAccelerator | 9.4.0 - 9.4.8 \n10.0.0 - 10.2.2 \n*10.2.3 - 10.2.4 \n*11.0.0 - 11.3.0 | None | Configuration utility \nSSL virtual servers \nBIG-IP PSM | 9.4.0 - 9.4.8 \n10.0.0 - 10.2.2 \n \n*10.2.3 - 10.2.4 \n*11.0.0 - 11.4.1 | None | Configuration utility \n \nSSL virtual servers \nBIG-IP WOM | 10.0.0 - 10.2.2 \n*10.2.3 - 10.2.4 \n*11.0.0 - 11.3.0 | None | Configuration utility \n \nSSL virtual servers \nBIG-IP APM | 10.1.0 - 10.2.2 
\n*10.2.3 - 10.2.4 \n*11.0.0 - 12.1.3 \n*13.0.0 - 13.1.0 | None | Configuration utility \n \nSSL virtual servers \nBIG-IP Edge Gateway | 10.1.0 - 10.2.2 \n \n*10.2.3 - 10.2.4 \n*11.0.0 - 11.3.0 | None | Configuration utility \nSSL virtual servers \nBIG-IP Analytics | *11.0.0 - 12.1.3 \n*13.0.0 - 13.1.0 | None | Configuration utility \nBIG-IP AFM | *11.3.0 - 12.1.3 \n*13.0.0 - 13.1.0 | None | Configuration utility \nSSL virtual servers \nBIG-IP PEM | *11.3.0 - 12.1.3 \n*13.0.0 - 13.1.0 | None | Configuration utility \nSSL virtual servers \nBIG-IP AAM | *11.4.0 - 12.1.3 \n*13.0.0 - 13.1.0 | None | Configuration utility \nSSL virtual servers \nFirePass | 6.0.0 - 6.1.0 \n7.0.0 | None | Administrative interface \nWebServices \nEnterprise Manager | 1.8.0 \n2.0.0 - 2.3.0 \n3.0.0 - 3.1.1 | None | Configuration utility \nARX | 5.0.0 - 5.3.1 \n6.0.0 - 6.4.0 | None | ARX Manager GUI \nAPI (disabled by default) \nBIG-IQ Cloud | *4.4.0 - 4.5.0 | None | BIG-IQ user interface (webd) \nBIG-IQ Device | *4.4.0 - 4.5.0 | None | BIG-IQ user interface (webd) \nBIG-IQ Security | *4.4.0 - 4.5.0 | None | BIG-IQ user interface (webd) \nBIG-IQ ADC | *4.5.0 | None | BIG-IQ user interface (webd) \nBIG-IQ Centralized Management | *5.0.0 - 5.4.0 \n*4.6.0 | None | BIG-IQ user interface (webd) \nBIG-IQ Cloud and Orchestration | *1.0.0 | None | BIG-IQ user interface (webd) \nF5 iWorkflow | *2.0.0 - 2.3.0 | None | iWorkflow user interface (webd) \n \n*Mitigation is available for these BIG-IP, BIG-IQ, and iWorkflow versions with the introduction of support for TLS 1.2. For more information, refer to the **Security Advisory Recommended Actions** section.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [BIG-IP](<https://support.f5.com/csp/article/K13400#bigip>)\n * [BIG-IQ/iWorkflow](<https://support.f5.com/csp/article/K13400#bigiq>)\n * [FirePass](<https://support.f5.com/csp/article/K13400#firepass>)\n * [Enterprise Manager](<https://support.f5.com/csp/article/K13400#2.x>)\n * [ARX](<https://support.f5.com/csp/article/K13400#arx>)\n\nBIG-IP\n\nThis vulnerability is exploited on the client-browser side of an SSL connection to either a virtual server or to the Configuration utility. In the case of client-browser access to a virtual server, the vulnerability is exploitable without server access, and no exploited packets are sent to the remote server. The following mitigations for this vulnerability are available for SSL profiles and the Configuration utility:\n\nSSL profiles\n\nMitigation of this vulnerability is possible for virtual servers using an SSL profile by performing one of the following procedures:\n\n * [Configuring the SSL profile to use only TLS 1.1 or TLS 1.2 compatible, or ](<https://support.f5.com/csp/article/K13400#ssl_p1>)[RC4-SHA ciphers](<https://support.f5.com/csp/article/K13400#p1>)\n * TLS 1.1 protocol compatible ciphers are available only for BIG-IP 11.2.0 and later.\n * TLS 1.2 protocol compatible ciphers and RC4-SHA ciphers are available only for BIG-IP 10.2.4 and later, and BIG-IP 11.0.0 and later.\n * [Configuring the SSL profile to use only RC4-SHA ciphers](<https://support.f5.com/csp/article/K13400#ssl_p2>)\n * RC4-SHA ciphers are available for all BIG-IP versions.\n * RC4 ciphers are not FIPS compliant.\n\nConfiguration utility\n\nMitigation of this vulnerability is possible for the Configuration utility by performing one of the following procedures:\n\n * [Restricting the Configuration utility to use only TLS 1.2 compatible or RC4-SHA 
ciphers](<https://support.f5.com/csp/article/K13400#config_p1>)\n * This option is available only for BIG-IP 11.5.0 and later.\n * Feature enhancements allowing the use of this procedure have also been included in the following software versions: 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, and 10.2.4 HF10.\n * [Restricting the Configuration utility to use only RC4-SHA ciphers](<https://support.f5.com/csp/article/K13400#config_p2>)\n * All BIG-IP versions\n\nConfiguring the SSL profile to use TLS 1.1 or TLS 1.2 compatible ciphers, or RC4-SHA ciphers\n\n**Note**: Support for TLS 1.2 was introduced in BIG-IP 10.2.3 and 11.0.0.\n\nFor BIG-IP 10.2.4 and 11.x, you can mitigate this vulnerability for an SSL virtual server by configuring the SSL profile to use only TLS 1.1-compatible ciphers, TLS 1.2-compatible ciphers, or RC4-SHA ciphers. For information about configuring the ciphers used by an SSL profile, refer to the following articles:\n\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)](<https://support.f5.com/csp/article/K7815>)\n\nFor example, to configure an SSL profile to use only TLS 1.1-compatible ciphers, TLS 1.2-compatible ciphers, or RC4-SHA ciphers, perform the following procedure:\n\n**Note**: When you modify cipher strings, it is helpful to understand the exclamation (**!**) and minus (**-**) negation symbols. When you use the **!** symbol preceding a cipher, the SSL profile permanently removes the cipher from the cipher list, even if it is explicitly stated later in the cipher string. When you use the **\\-** symbol preceding a cipher, the SSL profile removes the cipher from the cipher list, but it can be added back to the cipher list if there are later options that allow it. 
For more information about building and viewing custom cipher lists, refer to [K15194: Overview of the BIG-IP SSL/TLS cipher suite](<https://support.f5.com/csp/article/K15194>).\n\nConfiguring the SSL profile to use only the RC4-SHA cipher\n\nFor BIG-IP versions that do not support TLS 1.1 or 1.2, you can mitigate this vulnerability for an SSL virtual server by configuring the SSL profile to use only RC4-SHA ciphers. For example, to configure an SSL profile to use only RC4-SHA ciphers, perform the following procedure:\n\n**Impact of workaround:** Only RC4-SHA ciphers are allowed. Limiting the ciphers supported by the SSL profile may result in clients being unable to establish an SSL connection.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Local Traffic** > **Profiles**.\n 3. From the **SSL** list, click **Client**.\n 4. Click **Create**.\n 5. Type a name for the **SSL** profile.\n 6. From the **Parent Profile** menu, choose **clientssl**.\n 7. From the **Configuration** menu, choose **Advanced**.\n 8. Click the **Custom** box for **Ciphers**.\n 9. Delete the DEFAULT cipher string from the **Ciphers** box.\n 10. Enter the desired cipher string in the **Ciphers** box. \n\nFor example, the following string would configure an SSL profile to use only RC4-SHA ciphers:\n\nRC4-SHA\n\n 11. Click **Finished**. \n\nYou must now associate the SSL profile with the virtual server.\n\n**Note**: Alternatively, to configure an SSL profile to use only RC4-SHA ciphers using the TMOS Shell (**tmsh**), use the following syntax:\n\ntmsh create /ltm profile client-ssl <name> ciphers RC4-SHA\n\nRestricting the Configuration utility to use only TLS 1.2 compatible or RC4-SHA ciphers\n\n**Note**: Support for TLS 1.2 in the Configuration utility was introduced in BIG-IP 11.5.0.\n\nFor BIG-IP 11.5.0 and later, you can mitigate this vulnerability for the Configuration utility by restricting the utility to use only TLS 1.2-compatible ciphers or RC4-SHA ciphers. 
For example, to restrict the utility to use only TLS 1.2-compatible ciphers or RC4-SHA ciphers, perform the following procedure:\n\n**Note**: Feature enhancements allowing the use of this procedure have also been included in the following software versions: 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, and 10.2.4 HF10.\n\n**Impact of workaround**: The Configuration utility will use only TLS 1.2-compatible ciphers or RC4-SHA ciphers. There is limited client browser support for TLS 1.2. Clients who do not support TLS 1.2 may not be able to connect, or will connect using an RC4-SHA cipher.\n\n**Important**: Many client browsers do not support TLS 1.2.\n\n 1. Log in to **tmsh** by typing the following command: \n\ntmsh\n\n 2. Before you change the SSL cipher string, you should review the existing string for your specific BIG-IP version. To list the currently configured cipher string, type the following command: \n\nlist /sys httpd ssl-ciphersuite\n\nFor example, the BIG-IP 11.5.1 system displays the following cipher string:\n\nALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2\n\n 3. To restrict Configuration utility access to clients using TLS 1.2 or RC4-SHA ciphers, type the following command: \n\nmodify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:-TLSv1:-SSLv3:RC4-SHA'\n\nAlternatively, if you can restrict to only TLS 1.1 and TLS 1.2 ciphers, then type the following command instead:\n\nmodify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1'\n\n 4. Save the configuration change by typing the following command: \n\nsave /sys config\n\nRestricting the Configuration utility to use only RC4-SHA ciphers\n\nFor BIG-IP versions that do not support TLS 1.2, you can mitigate this vulnerability for the Configuration utility by restricting the utility to use only RC4-SHA ciphers. 
For example, to restrict the utility to use only RC4-SHA ciphers, perform the following procedure:\n\n**Impact of workaround**: Only RC4-SHA ciphers are allowed. Limiting the ciphers supported by the Configuration utility may result in clients being unable to connect.\n\n 1. Log in to **tmsh** by typing the following command: \n\ntmsh\n\n 2. Before you change the SSL cipher string, you should review the existing string for your specific BIG-IP version. To list the currently configured cipher string, type the following command: \n\nlist /sys httpd ssl-ciphersuite\n\nFor example, the BIG-IP 11.5.1 system displays the following cipher string:\n\nALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2\n\n 3. To restrict Configuration utility access to clients using RC4-SHA ciphers, type the following command: \n\nmodify /sys httpd ssl-ciphersuite 'RC4-SHA'\n\n 4. Save the configuration change by typing the following command: \n\nsave /sys config\n\nBIG-IQ/iWorkflow\n\nThis vulnerability is exploited on the client-browser side of an SSL connection to the BIG-IQ or iWorkflow user interface. Mitigation of this vulnerability is available for the BIG-IQ and iWorkflow user interface by removing all SSL and TLS 1.0 protocols from the BIG-IQ or iWorkflow user interface configuration. To do so, perform the following procedure:\n\n**Impact of workaround**: This procedure restarts the **webd** process and temporarily disrupts traffic to the BIG-IQ or iWorkflow system. You should perform this procedure during a maintenance window.\n\n 1. Log in to the BIG-IQ or iWorkflow command line.\n 2. Back up a copy of the **/etc/webd/webd.conf** file by typing the following command: \n\ncp -p /etc/webd/webd.conf /var/tmp/webd.conf.k13400\n\n 3. Edit the **/etc/webd/webd.conf** file using a text editor of your choice, for example **vi**.\n 4. In the **/etc/webd/webd.conf** file, locate the following line: \n\nssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n\n 5. 
Remove all SSL and TLS 1.0 protocols from this line. After editing, this line should appear similar to the following example: \n\nssl_protocols TLSv1.1 TLSv1.2;\n\n 6. Save the changes and exit the text editor.\n 7. Restart the **webd** process by typing the following command: \n\ntmsh restart sys service webd\n\nFirePass\n\n * None\n\nEnterprise Manager\n\n * None\n\nARX\n\n * None\n\n * [K8802: Using SSL ciphers with BIG-IP Client SSL and Server SSL profiles](<https://support.f5.com/csp/article/K8802>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K13405: Restricting Configuration utility access to clients using high encryption SSL ciphers (11.x)](<https://support.f5.com/csp/article/K13405>)\n * [K13309: Restricting access to the Configuration utility by source IP address (11.x - 14.x)](<https://support.f5.com/csp/article/K13309>)\n * [K13163: SSL ciphers supported on BIG-IP platforms (11.x - 13.x)](<https://support.f5.com/csp/article/K13163>)\n * [K11444: SSL ciphers supported on BIG-IP platforms (10.x)](<https://support.f5.com/csp/article/K11444>)\n * [K13156: SSL ciphers used in the default SSL profiles (11.x - 13.x)](<https://support.f5.com/csp/article/K13156>)\n * [K10262: SSL ciphers used in the default SSL profiles (10.x)](<https://support.f5.com/csp/article/K10262>)\n * [K9677: BIG-IP LTM compliance with standard FIPS-197](<https://support.f5.com/csp/article/K9677>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n\n**Note**: The following link takes you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n\n * <http://vnhacker.blogspot.com/2011/09/beast.html>\n\n**Note**: For more information about various TLS protocol level attacks and 
F5 recommendations for mitigating the attacks, refer to the following DevCentral article. A DevCentral login is required to access this content.\n\n * [Which TLS algorithm should I use?](<https://devcentral.f5.com/articles/which-tls-algorithm-should-i-use#.UiZGfF3n-Ul>)\n", "edition": 1, "modified": "2019-05-08T23:48:00", "published": "2015-06-16T03:25:00", "id": "F5:K13400", "href": "https://support.f5.com/csp/article/K13400", "title": "SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2016-09-26T17:23:00", "bulletinFamily": "software", "cvelist": ["CVE-2011-3389", "CVE-2012-1870"], "edition": 1, "description": "If the previous table lists a version in the** Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n * BIG-IP\n * FirePass\n * Enterprise Manager\n * ARX\n\nVulnerability Recommended Actions\n\n**BIG-IP**\n\nThis vulnerability is exploited on the client-browser side of an SSL connection to either a virtual server or to the Configuration utility. In the case of client-browser access to a virtual server, the vulnerability is exploitable without server access, and no exploited packets are sent to the remote server. 
The following mitigations for this vulnerability are available for SSL profiles and the Configuration utility:\n\n**SSL Profiles**\n\nMitigation of this vulnerability is possible for virtual servers using an SSL profile by performing one of the following procedures:\n\n * Configuring the SSL profile to use only TLS 1.1 or TLS 1.2 compatible, or RC4-SHA ciphers \n \n\n * TLS 1.1 protocol compatible ciphers are available only for BIG-IP 11.2.0 and later.\n * TLS 1.2 protocol compatible ciphers and RC4-SHA ciphers are available only for BIG-IP 10.2.4 and later, and BIG-IP 11.0.0 and later.\n * Configuring the SSL profile to use only RC4-SHA ciphers \n \n\n * RC4-SHA ciphers are available for all BIG-IP versions.\n * RC4 ciphers are not FIPS compliant.\n\n**Configuration utility**\n\nMitigation of this vulnerability is possible for the Configuration utility by performing one of the following procedures:\n\n * Restricting the Configuration utility to use only TLS 1.2 compatible or RC4-SHA ciphers \n \n\n * This option is available only for BIG-IP 11.5.0 and later.\n * Feature enhancements allowing the use of this procedure have also been included in the following software versions: 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, and 10.2.4 HF10.\n * Restricting the Configuration utility to use only RC4-SHA ciphers \n \n\n * All BIG-IP versions\n\n**Configuring the SSL profile to use TLS 1.1 or TLS 1.2 compatible ciphers, or RC4-SHA ciphers**\n\n**Note**: Support for TLS 1.2 was introduced in BIG-IP 10.2.3 and 11.0.0.\n\nFor BIG-IP 10.2.4 and 11.x, you can mitigate this vulnerability for an SSL virtual server by configuring the SSL profile to use only TLS 1.1-compatible ciphers, TLS 1.2-compatible ciphers, or RC4-SHA ciphers. 
For information about configuring the ciphers used by an SSL profile, refer to the following articles:\n\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)\n\nFor example, to configure an SSL profile to use only TLS 1.1-compatible ciphers, TLS 1.2-compatible ciphers, or RC4-SHA ciphers, perform the following procedure:\n\n**Note**: This workaround cannot be applied to BIG-IP 10.2.3. For more information, refer to SOL13543: The BIG-IP SSL profiles may not allow cipher strings containing AES128, AES256, or TLS1.2.\n\n**Impact of workaround:** An SSL virtual server configured to use this SSL profile will use only TLS 1.1-compatible ciphers, TLS 1.2-compatible ciphers, or RC4-SHA ciphers. There is limited client browser support for TLS 1.2. Clients who do not support TLS 1.1 or 1.2 may not be able to connect, or will connect using an RC4-SHA cipher. However, RC4 ciphers are not FIPS compliant.\n\n**Important**: Many client browsers do not support TLS 1.2.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Local Traffic** > **Profiles**.\n 3. Choose **Client** from the **SSL** menu.\n 4. Click **Create**.\n 5. Type a name for the **SSL** profile.\n 6. From the **Parent Profile** menu, choose **clientssl**.\n 7. From the **Configuration** menu, choose **Advanced**.\n 8. Click the **Custom** box for **Ciphers**.\n 9. Delete the DEFAULT cipher string from the **Ciphers** box.\n 10. Enter the desired cipher string in the **Ciphers** box. \n\nFor example, the following string can configure an SSL profile to use only TLS 1.1-compatible and TLS 1.2-compatible ciphers:\n\nDEFAULT:!SSLv3:!TLSv1 \n \nIf you want the SSL profile to support TLS 1.0 and SSL 3.0 clients, use the following string: \n \nDEFAULT:-SSLv3:-TLSv1:RC4-SHA \n \nIf you want the SSL profile to support TLS 1.0, but not SSL 3.0 clients, use the following string: \n \nDEFAULT:!SSLv3:-TLSv1:RC4-SHA\n\n 11. 
Click **Finished**. \n\nYou must now associate the SSL profile with the virtual server.\n\nAlternatively, to configure an SSL profile to use only TLS 1.1-compatible and TLS 1.2-compatible ciphers using the **tmsh** utility, use the following syntax:\n\ntmsh create /ltm profile client-ssl <name> ciphers DEFAULT:!SSLv3:!TLSv1 \n \nSimilarly, if you want the SSL profile to support TLS 1.0 and SSL 3.0 clients, you can configure an SSL profile using the following **tmsh** command syntax: \n \ntmsh create /ltm profile client-ssl <name> ciphers DEFAULT:-SSLv3:-TLSv1:RC4-SHA \n \nAnd if you want the SSL profile to support TLS 1.0, but not SSL 3.0 clients, you can configure an SSL profile using the following **tmsh** command syntax: \n \ntmsh create /ltm profile client-ssl <name> ciphers DEFAULT:!SSLv3:-TLSv1:RC4-SHA\n\n**Configuring the SSL profile to use only the RC4-SHA cipher**\n\nFor BIG-IP versions that do not support TLS 1.1 or 1.2, you can mitigate this vulnerability for an SSL virtual server by configuring the SSL profile to use only RC4-SHA ciphers. For example, to configure an SSL profile to use only RC4-SHA ciphers, perform the following procedure:\n\n**Impact of workaround:** Only RC4-SHA ciphers are allowed. Limiting the ciphers supported by the SSL profile may result in clients being unable to establish an SSL connection.\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **Local Traffic** > **Profiles**.\n 3. From the **SSL** menu, choose **Client**.\n 4. Click **Create**.\n 5. Type a name for the **SSL** profile.\n 6. From the **Parent Profile** menu, choose **clientssl**.\n 7. From the **Configuration** menu, choose **Advanced**.\n 8. Click the **Custom** box for **Ciphers**.\n 9. Delete the DEFAULT cipher string from the **Ciphers** box.\n 10. Enter the desired cipher string in the **Ciphers** box. \n\nFor example, the following string would configure an SSL profile to use only RC4-SHA ciphers:\n\nRC4-SHA\n\n 11. Click **Finished**. 
\n\nYou must now associate the SSL profile with the virtual server.\n\n**Note**: Alternatively, to configure an SSL profile to use only RC4-SHA ciphers using the **tmsh** utility, use the following syntax:\n\ntmsh create /ltm profile client-ssl <name> ciphers RC4-SHA\n\n**Restricting the Configuration utility to use only TLS 1.2 compatible or RC4-SHA ciphers**\n\n**Note**: Support for TLS 1.2 in the Configuration utility was introduced in BIG-IP 11.5.0. \n \nFor BIG-IP 11.5.0 and later, you can mitigate this vulnerability for the Configuration utility by restricting the utility to use only TLS 1.2-compatible ciphers or RC4-SHA ciphers. For example, to restrict the utility to use only TLS 1.2-compatible ciphers or RC4-SHA ciphers, perform the following procedure:\n\n**Note**: Feature enhancements allowing the use of this procedure have also been included in the following software versions: 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, and 10.2.4 HF10.\n\n**Impact of workaround**: The Configuration utility will use only TLS 1.2-compatible ciphers or RC4-SHA ciphers. There is limited client browser support for TLS 1.2. Clients who do not support TLS 1.2 may not be able to connect, or will connect using an RC4-SHA cipher.\n\n**Important**: Many client browsers do not support TLS 1.2.\n\n 1. Log in to the Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. Before you change the SSL cipher string, you should review the existing string for your specific BIG-IP version. To list the currently configured cipher string, type the following command: \n\nlist /sys httpd ssl-ciphersuite\n\nFor example, the BIG-IP 11.5.1 system displays the following cipher string: \n\nALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2\n\n 3. 
To restrict Configuration utility access to clients using TLS 1.2 or RC4-SHA ciphers, type the following command: \n\nmodify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:-TLSv1:-SSLv3:RC4-SHA' \n \nAlternatively, if you can restrict to only TLS 1.1 and TLS 1.2 ciphers, then type the following command instead: \n \nmodify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1'\n\n 4. Save the configuration change by typing the following command: \n\nsave /sys config\n\n**Restricting the Configuration utility to use only RC4-SHA ciphers**\n\nFor BIG-IP versions that do not support TLS 1.2, you can mitigate this vulnerability for the Configuration utility by restricting the utility to use only RC4-SHA ciphers. For example, to restrict the utility to use only RC4-SHA ciphers, perform the following procedure:\n\n**Impact of workaround**: Only RC4-SHA ciphers are allowed. Limiting the ciphers supported by the Configuration utility may result in clients being unable to connect.\n\n 1. Log in to the Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. Before you change the SSL cipher string, you should review the existing string for your specific BIG-IP version. To list the currently configured cipher string, type the following command: \n\nlist /sys httpd ssl-ciphersuite\n\nFor example, the BIG-IP 11.5.1 system displays the following cipher string: \n\nALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2\n\n 3. To restrict Configuration utility access to clients using RC4-SHA ciphers, type the following command: \n\nmodify /sys httpd ssl-ciphersuite 'RC4-SHA'\n\n 4. 
Save the configuration change by typing the following command: \n\nsave /sys config\n\n**FirePass**\n\n * None\n\n**Enterprise Manager**\n\n * None\n\n**ARX**\n\n * None\n\nSupplemental Information\n\n * SOL8802: Using SSL ciphers with BIG-IP Client SSL and Server SSL profiles\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x)\n * SOL13405: Restricting Configuration utility access to clients using high encryption SSL ciphers (11.x)\n * SOL13309: Restricting access to the Configuration utility by source IP address (11.x)\n * SOL13163: SSL ciphers supported on BIG-IP platforms (11.x)\n * SOL11444: SSL ciphers supported on BIG-IP platforms (10.x)\n * SOL13156: SSL ciphers used in the default SSL profiles (11.x)\n * SOL10262: SSL ciphers used in the default SSL profiles (10.x)\n * SOL9677: BIG-IP LTM compliance with standard FIPS-197\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n**Note**: The following link takes you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n\n * <http://vnhacker.blogspot.com/2011/09/beast.html>\n\n**Note**: For more information about various TLS protocol level attacks and F5 recommendations for mitigating the attacks, refer to the following DevCentral article:\n\n * [Which TLS algorithm should I use?](<https://devcentral.f5.com/articles/which-tls-algorithm-should-i-use#.UiZGfF3n-Ul>)\n", "modified": "2016-06-28T00:00:00", "published": "2012-03-06T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13400.html", "id": "SOL13400", "title": "SOL13400 - SSL 3.0/TLS 1.0 BEAST vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "gentoo": 
[{"lastseen": "2016-09-06T19:46:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389", "CVE-2010-0734", "CVE-2012-0036", "CVE-2011-2192"], "edition": 1, "description": "### Background\n\ncURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. \n\n### Description\n\nMultiple vulnerabilities have been found in cURL:\n\n * When zlib is enabled, the amount of data sent to an application for automatic decompression is not restricted (CVE-2010-0734). \n * When performing GSSAPI authentication, credential delegation is always used (CVE-2011-2192). \n * When SSL is enabled, cURL improperly disables the OpenSSL workaround to mitigate an information disclosure vulnerability in the SSL and TLS protocols (CVE-2011-3389). \n * libcurl does not properly verify file paths for escape control characters in IMAP, POP3 or SMTP URLs (CVE-2012-0036). \n\n### Impact\n\nA remote attacker could entice a user or automated process to open a specially crafted file or URL using cURL, possibly resulting in the remote execution of arbitrary code, a Denial of Service condition, disclosure of sensitive information, or unwanted actions performed via the IMAP, POP3 or SMTP protocols. Furthermore, remote servers may be able to impersonate clients via GSSAPI requests. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll cURL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/curl-7.24.0\"", "modified": "2012-03-06T00:00:00", "published": "2012-03-06T00:00:00", "id": "GLSA-201203-02", "href": "https://security.gentoo.org/glsa/201203-02", "type": "gentoo", "title": "cURL: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:29:47", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0036"], "description": "Dan Fandrich discovered that curl incorrectly handled URLs containing \nembedded or percent-encoded control characters. If a user or automated \nsystem were tricked into processing a specially crafted URL, arbitrary \ndata could be injected.", "edition": 5, "modified": "2012-01-24T00:00:00", "published": "2012-01-24T00:00:00", "id": "USN-1346-1", "href": "https://ubuntu.com/security/notices/USN-1346-1", "title": "curl vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0036"], "description": "curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. 
", "modified": "2012-01-28T03:31:08", "published": "2012-01-28T03:31:08", "id": "FEDORA:602F820DCB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: curl-7.21.7-6.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2192", "CVE-2012-0036"], "description": "curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "modified": "2012-02-11T22:04:59", "published": "2012-02-11T22:04:59", "id": "FEDORA:E446A2122A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: curl-7.21.3-13.fc15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. ", "modified": "2012-01-22T05:26:29", "published": "2012-01-22T05:26:29", "id": "FEDORA:1262420CBE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: nss-3.13.1-10.fc15", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. 
", "modified": "2011-12-23T03:31:27", "published": "2011-12-23T03:31:27", "id": "FEDORA:7617922E25", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: firefox-9.0-3.fc16", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. ", "modified": "2011-12-23T03:31:27", "published": "2011-12-23T03:31:27", "id": "FEDORA:5A57F22DE8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: nss-3.13.1-9.fc16", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these applications. XULRunner also provides libxul, a solution which allows the embedding of Mozilla technologies in other projects and products. 
", "modified": "2012-01-22T05:26:29", "published": "2012-01-22T05:26:29", "id": "FEDORA:37BAE20CD9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: xulrunner-9.0.1-1.fc15", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "Network Security Services Softoken Cryptographic Module ", "modified": "2011-12-23T03:31:27", "published": "2011-12-23T03:31:27", "id": "FEDORA:4857E22DBD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: nss-softokn-3.13.1-14.fc16", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "This module allows you to use the Mozilla embedding widget from Perl. ", "modified": "2012-01-22T05:26:29", "published": "2012-01-22T05:26:29", "id": "FEDORA:48FBB20CE9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: perl-Gtk2-MozEmbed-0.09-1.fc15.8", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2012-01-22T05:26:29", "published": "2012-01-22T05:26:29", "id": "FEDORA:2F07020CD7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: firefox-9.0.1-1.fc15", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "The gnome-python-extra package contains the source packages for additional Python bindings for GNOME. It should be used together with gnome-python. 
", "modified": "2012-01-22T05:26:29", "published": "2012-01-22T05:26:29", "id": "FEDORA:4053B20CDA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: gnome-python2-extras-2.25.3-35.fc15.4", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "cvelist": ["CVE-2012-0036"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1346-1\r\nJanuary 24, 2012\r\n\r\ncurl vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n\r\nSummary:\r\n\r\ncurl could be tricked into injecting arbitrary data if it handled a\r\nmalicious URL.\r\n\r\nSoftware Description:\r\n- curl: HTTP, HTTPS, and FTP client and client libraries\r\n\r\nDetails:\r\n\r\nDan Fandrich discovered that curl incorrectly handled URLs containing\r\nembedded or percent-encoded control characters. 
If a user or automated\r\nsystem were tricked into processing a specially crafted URL, arbitrary\r\ndata could be injected.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n libcurl3 7.21.6-3ubuntu3.2\r\n libcurl3-gnutls 7.21.6-3ubuntu3.2\r\n libcurl3-nss 7.21.6-3ubuntu3.2\r\n\r\nUbuntu 11.04:\r\n libcurl3 7.21.3-1ubuntu1.5\r\n libcurl3-gnutls 7.21.3-1ubuntu1.5\r\n libcurl3-nss 7.21.3-1ubuntu1.5\r\n\r\nUbuntu 10.10:\r\n libcurl3 7.21.0-1ubuntu1.3\r\n libcurl3-gnutls 7.21.0-1ubuntu1.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1346-1\r\n CVE-2012-0036\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/curl/7.21.6-3ubuntu3.2\r\n https://launchpad.net/ubuntu/+source/curl/7.21.3-1ubuntu1.5\r\n https://launchpad.net/ubuntu/+source/curl/7.21.0-1ubuntu1.3\r\n", "edition": 1, "modified": "2012-02-08T00:00:00", "published": "2012-02-08T00:00:00", "id": "SECURITYVULNS:DOC:27616", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27616", "title": "[USN-1346-1] curl vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0036"], "description": "Data injection via request URL.", "edition": 1, "modified": "2012-02-08T00:00:00", "published": "2012-02-08T00:00:00", "id": "SECURITYVULNS:VULN:12171", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12171", "title": "curl data injection", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2011-3389"], "description": "\r\n\r\n\r\n\r\nESA-2012-032.txt\r\n\r\n-----BEGIN PGP SIGNED 
MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2012-032: RSA BSAFE\u00ae Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks\r\n\r\nEMC Identifier: ESA-2012-032\r\n \r\nCVE Identifier: CVE-2011-3389\r\n \r\nSeverity Rating: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\r\n \r\nAffected Products:\r\nAll versions of RSA BSAFE Micro Edition Suite (MES) except 4.0.5 and 3.2.6, all platforms\r\n \r\nUnaffected Products:\r\nRSA BSAFE MES 4.0.5, 3.2.6\r\n \r\nSummary: \r\nRSA BSAFE Micro Edition Suite contains updates designed to help prevent BEAST attacks (CVE-2011-3389)\r\n \r\nDetails: \r\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.\r\n \r\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.\r\n \r\nRecommendation:\r\nThe best way to help prevent this attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. 
However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues.\r\n \r\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.\r\n \r\nIn MES, the way to prevent the BEAST exploit is to introduce some unknown data into the encryption scheme, prior to the attacker's inserted plain text data. This is done as follows:\r\n \r\n1. After the first encrypted record is sent, any plaintext to be encrypted is split into two blocks of plaintext. The blocks of data are then sent as two encrypted records; the first encrypted record contains the first byte of data and the second encrypted record contains the rest.\r\n2. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block of plaintext.\r\n3. The one byte of data along with the MAC is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own.\r\n \r\nNOTE: In this release of MES, the mitigation for the BEAST exploit is enabled by default. 
No code changes are required to protect against it.\r\n \r\nIn special cases, if required, the BEAST exploit mitigation, either for an SSL context or SSL object can be disabled by calling R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_NO_BEAST_MITIGATION identifier.\r\n \r\nNote the following about first block splitting:\r\n\u00b7 Splitting only occurs for negotiated cipher suites that use CBC mode.\r\n\u00b7 Handshake packets are not split. Only application data packets are split.\r\n\u00b7 Blocks of plaintext are split for each subsequent call to write data to the SSL connection after the first write is sent.\r\n \r\nFor more information about these functions and identifiers, see the RSA BSAFE MES API Reference Guide.\r\n \r\nObtaining Downloads: \r\nTo request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.emc.com/support/rsa/contact/phone-numbers.htm) for most expedient service. \r\n\r\nObtaining Documentation:\r\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.\r\n\r\nSeverity Rating:\r\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \u201cSecurity Advisories Severity Rating\u201d at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. 
RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\nObtaining More Information:\r\nFor more information about RSA products, visit the RSA web site at http://www.rsa.com.\r\n\r\nGetting Support and Service:\r\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.\r\n\r\nGeneral Customer Support Information:\r\nhttp://www.emc.com/support/rsa/index.htm\r\n\r\nRSA SecurCare Online:\r\nhttps://knowledge.rsasecurity.com\r\n\r\nEOPS Policy:\r\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \r\nhttp://www.emc.com/support/rsa/eops/index.htm\r\n\r\nSecurCare Online Security Advisories\r\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. 
Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\nAbout RSA SecurCare Notes & Security Advisories Subscription\r\nRSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\u2019d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\u2019d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.\r\n\r\nSincerely,\r\nRSA Customer Support\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlNIFjYACgkQtjd2rKp+ALwv3wCgx/mvkF8UsYt+YHuSuvFi+bS4\r\nehYAoMwjDiemy19XL7m8RH5Y52t2y5Fj\r\n=bLjw\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-05T00:00:00", "published": "2014-05-05T00:00:00", "id": "SECURITYVULNS:DOC:30611", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30611", "title": "ESA-2012-032: RSA BSAFE\u00ae Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2011-3389"], "description": "\r\n\r\n\r\n\r\nESA-2012-032.txt\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nESA-2012-032: RSA BSAFE\u00ae Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks\r\n\r\nEMC Identifier: ESA-2012-032\r\n\r\nCVE Identifier: CVE-2011-3389\r\n\r\nSeverity Rating: CVSS v2 Base Score: 
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\r\n\r\n\r\nAffected Products:\r\n\r\nAll versions of RSA BSAFE Micro Edition Suite prior to 4.0, all platforms\r\n\r\n\r\nUnaffected Products:\r\n\r\nRSA BSAFE Micro Edition Suite 4.0 and higher\r\n\r\n\r\nSummary:\r\n\r\nRSA BSAFE Micro Edition Suite contains updates designed to prevent BEAST attacks (CVE-2011-3389)\r\n\r\n\r\n\r\nDetails:\r\n\r\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.\r\n\r\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.\r\n\r\n\r\n\r\nRecommendation:\r\n\r\nThe best way to help prevent this attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues.\r\n\r\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. 
That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.\r\n\r\nFor customers who cannot or should not implement either of these two methods, RSA BSAFE Micro Edition Suite 4.0 introduces a new feature called first block splitting. First block splitting prevents the BEAST exploit by introducing unknown data into the encryption scheme prior to the attacker's inserted plain text data. This is done as follows: \r\n\r\n1. The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest.\r\n2. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block.\r\n3. The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own.\r\nTo implement first block splitting in RSA BSAFE Micro Edition Suite 4.0, either for an SSL context or SSL object, call R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_SPLIT_FIRST_FRAGMENT identifier.\r\n\r\nFor more information about these functions and identifiers, see the RSA BSAFE Micro Edition Suite API Reference Guide.\r\n\r\n\r\n\r\nSeverity Rating:\r\n\r\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \u201cSecurity Advisories Severity Rating\u201d at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. 
RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\n\r\nObtaining Documentation:\r\n\r\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.\r\n\r\n\r\n\r\nObtaining More Information:\r\n\r\nFor more information about RSA BSAFE, visit the RSA web site at http://www.rsa.com/node.aspx?id=1204.\r\n\r\n\r\n\r\nGetting Support and Service:\r\n\r\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.\r\n\r\n\r\nGeneral Customer Support Information:\r\n\r\nhttp://www.rsa.com/node.aspx?id=1264\r\n\r\n\r\nRSA SecurCare Online:\r\n\r\nhttps://knowledge.rsasecurity.com\r\n\r\n\r\nEOPS Policy:\r\n\r\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \r\nhttp://www.rsa.com/node.aspx?id=2575\r\n\r\n\r\nSecurCare Online Security Advisories\r\n\r\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. 
RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\n\r\nAbout RSA SecurCare Notes & Security Advisories Subscription\r\n\r\nRSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\u2019d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\u2019d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. 
Click the Submit button to save your selection.\r\n\r\n\r\nEMC Product Security Response Center\r\n\r\nSecurity_Alert@EMC.COM\r\n\r\nhttp://www.emc.com/contact-us/contact/product-security-response-center.html\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (Cygwin)\r\n\r\niEYEARECAAYFAlBKOMwACgkQtjd2rKp+ALw1HQCfezG65rzhhtvVQAFkXzXQmthr\r\nCc8An3CJlTmuxBfF1dHt/NvQgKED9eR4\r\n=++hy\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-10-29T00:00:00", "published": "2012-10-29T00:00:00", "id": "SECURITYVULNS:DOC:28707", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28707", "title": "ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2020-11-11T13:29:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2398-2 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 31, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nVulnerability : regression\nDebian-specific: no\nDebian Bug : 658276\n\ncURL is a command-line tool and library for transferring data with URL\nsyntax. It was discovered that the countermeasures against the\nDai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389,\n"BEAST") cause interoperability issues with some server\nimplementations. 
This update adds the CURLOPT_SSL_OPTIONS and\nCURLSSLOPT_ALLOW_BEAST options to the library, and the\n- --ssl-allow-beast option to the "curl" program.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze2.\n\nWe recommend that you upgrade your curl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-03-31T19:39:58", "published": "2012-03-31T19:39:58", "id": "DEBIAN:DSA-2398-2:1A463", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00075.html", "title": "[SECURITY] [DSA 2398-2] curl regression", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:59:04", "description": "CVE ID: CVE-2011-3389\r\n\r\nMicrosoft Windows is a very popular operating system released by Microsoft.\r\n\r\nMicrosoft Windows has an information disclosure vulnerability in its implementation of the SSL/TLS protocols. A remote attacker can exploit this vulnerability to disclose sensitive information and hijack user sessions.\r\n\r\nThis vulnerability stems from a design error that arises when the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols are used with symmetric cipher suites in CBC mode, which allows man-in-the-middle attacks against encrypted HTTPS sessions.\n\nMicrosoft Windows\r\nMicrosoft Windows XP Home\r\nMicrosoft Windows XP Professional\r\nMicrosoft Windows Server 
2003\nVendor patch:\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft has released a security advisory (2588513) and corresponding patches for this issue:\r\n\r\n2588513: Microsoft releases Security Advisory 2588513\r\n\r\nLink: http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", "published": "2011-09-29T00:00:00", "title": "Microsoft Windows SSL/TLS information disclosure vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3389"], "modified": "2011-09-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20957", "id": "SSV:20957", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}], "cert": [{"lastseen": "2020-09-18T20:41:12", "bulletinFamily": "info", "cvelist": ["CVE-2011-3389"], "description": "### Overview \n\nA vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic.\n\n### Description \n\nThe Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network application protocols such as HTTP, IMAP, POP3, LDAP, SMTP, and others. Several different versions of the SSL and TLS protocols have been standardized and are in widespread use. These protocols support the use of both block-based and stream-based ciphers.\n\nA vulnerability in the way the SSL 3.0 and TLS 1.0 protocols select the initialization vector (IV) when operating in cipher-block chaining (CBC) modes allows an attacker to perform a chosen-plaintext attack on encrypted traffic. This vulnerability has been addressed in the specification for the TLS 1.1 and TLS 1.2 protocols. 
\n \nWhile this vulnerability exists in the underlying specification of the affected protocols, a practical attack called BEAST has been demonstrated in the context of a web browser and the use of the HTTPS protocol. Because of the software functionality available to an attacker in this environment, it represents the most likely attack vector and the most significant risk for affected users. An effective BEAST attack appears to require a cross-domain vulnerability that allows the attacker to issue specially crafted HTTPS requests. A blog post by Th\u00e1i Duong discusses \"...a way to bypass the same-origin policy (SOP)...\" using a Java applet. \n \n--- \n \n### Impact \n\nAn attacker with the ability to pose as a man-in-the-middle and to generate specially-crafted plaintext input could decrypt the contents of an SSL- or TLS-encrypted session. This could allow the attacker to recover potentially sensitive information (e.g., HTTP authentication cookies). \n \n--- \n \n### Solution \n\nWe are currently unaware of a practical solution to this problem. \n \n--- \n \n**Workarounds** \n \nSome vendors have published specific mitigation advice for the attacks related to this issues. Please see the Vendor Information section of this document for more information. \n \nThe following general workarounds can be effective in mitigating this issue: \n\n\n * Prioritize the use of the RC4 algorithm over block ciphers in server software\nNote that this workaround is not feasible to implement on systems that require [FIPS-140](<http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf>) compliance since RC4 is not a FIPS-approved cryptographic algorithm.\n\n * Enable support for TLS 1.1 and/or TLS 1.2 in the web browser\n * Enable support for TLS 1.1 in server software\nNote that both the web servers and the client web browser must support TLS 1.1 or TLS 1.2 for these workarounds to be effective. 
The session will fallback to an earlier version of the TLS or SSL protocol in the event that either is incompatible with TLS 1.1 or TLS 1.2. \n--- \n \n### Vendor Information\n\n864643\n\n### Google Affected\n\nUpdated: September 27, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * [http://src.chromium.org/viewvc/chrome?view=rev&revision=97269](<http://src.chromium.org/viewvc/chrome?view=rev&revision=97269>)\n\n### Microsoft Corporation Affected\n\nUpdated: September 27, 2011 \n\n**Statement Date: September 26, 2011**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://technet.microsoft.com/en-us/security/advisory/2588513>\n * <http://support.microsoft.com/kb/2588513>\n\n### Mozilla Affected\n\nUpdated: September 28, 2011 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugzilla.mozilla.org/show_bug.cgi?id=665814>\n * <http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/>\n\n### Opera Affected\n\nUpdated: December 08, 2011 \n\n**Statement Date: December 06, 2011**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further 
vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://www.opera.com/docs/changelogs/windows/1160/>\n * <http://www.opera.com/docs/changelogs/mac/1160/>\n * <http://www.opera.com/docs/changelogs/unix/1160/>\n\n### Apple Inc. Unknown\n\nUpdated: September 27, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### GnuTLS Unknown\n\nUpdated: September 27, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenSSL Unknown\n\nUpdated: September 27, 2011 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:ND/RL:ND/RC:ND \nEnvironmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://www.openssl.org/~bodo/tls-cbc.txt>\n * <http://www.imperialviolet.org/2011/09/23/chromeandbeast.html>\n * <http://www.phonefactor.com/blog/slaying-beast-mitigating-the-latest-ssltls-vulnerability.php>\n * <http://vnhacker.blogspot.com/2011/09/beast.html>\n * <https://blog.torproject.org/blog/tor-and-beast-ssl-attack>\n * <http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx>\n * <http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx>\n * [http://src.chromium.org/viewvc/chrome?view=rev&revision=97269](<http://src.chromium.org/viewvc/chrome?view=rev&revision=97269>)\n * 
<https://bugzilla.mozilla.org/show_bug.cgi?id=665814>\n * <http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html>\n * <http://www.ekoparty.org/2011/juliano-rizzo.php>\n\n### Acknowledgements\n\nThanks to Th\u00e1i Duong working with Matasano and Juliano Rizzo of Netifera for reporting the practical attack against this vulnerability. Wei Dai and Bodo M\u00f6ller identified the underlying flaw in the context of SSL and TLS.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2011-3389](<http://web.nvd.nist.gov/vuln/detail/CVE-2011-3389>) \n---|--- \n**Severity Metric:** | 3.38 \n**Date Public:** | 2002-02-08 \n**Date First Published:** | 2011-09-27 \n**Date Last Updated: ** | 2011-12-08 14:43 UTC \n**Document Revision: ** | 37 \n", "modified": "2011-12-08T14:43:00", "published": "2011-09-27T00:00:00", "id": "VU:864643", "href": "https://www.kb.cert.org/vuls/id/864643", "type": "cert", "title": "SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3389"], "description": "\nMatthias Andree reports:\n\nFetchmail version 6.3.9 enabled \"all SSL workarounds\" (SSL_OP_ALL)\n\t which contains a switch to disable a countermeasure against certain\n\t attacks against block ciphers that permit guessing the\n\t initialization vectors, providing that an attacker can make the\n\t application (fetchmail) encrypt some data for him -- which is not\n\t easily the case.\nStream ciphers (such as RC4) are unaffected.\nCredits to Apple Product Security for reporting this.\n\n", "edition": 4, "modified": "2012-01-19T00:00:00", "published": "2012-01-19T00:00:00", "id": "18CE9A90-F269-11E1-BE53-080027EF73EC", "href": "https://vuxml.freebsd.org/freebsd/18ce9a90-f269-11e1-be53-080027ef73ec.html", "title": "fetchmail -- chosen plaintext attack against SSL 
CBC initialization vectors", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "mskb": [{"lastseen": "2021-01-01T22:41:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2011-3389"], "description": "<html><body><p>Resolves a vulnerability in SSL/TLS that could allow information disclosure.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS12-006. To view the complete security bulletin, go to one of the following Microsoft websites:\u00a0<ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201201.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201201.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms12-006\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS12-006</a></div></li></ul><span><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution 
and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></span></div><h2>Fix it for me</h2><div class=\"kb-resolution-section section\">Two Fix it solutions are available.<br/><ul class=\"sbody-free_list\"><li><span class=\"text-base\">Fix it solution for Transport Layer Security (TLS) 1.1 in Internet Explorer</span>: This solution enables TLS 1.1, which is not affected by this vulnerability, in Windows Internet Explorer. Most typical users should install this Fix it solution.\u00a0</li><li><span class=\"text-base\">Fix it solution for TLS 1.1 on Windows-based servers</span>: This solution enables TLS 1.1, which is not affected by the vulnerability.\u00a0</li></ul>The Fix it solutions that are described in this section are not intended as replacements for any security update. We recommend that you always install the latest security updates. 
However, we offer these Fix it solutions as workaround options for some scenarios.\u00a0<br/><br/>For more information about the workarounds, see security bulletin MS12-006:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms12-006\" id=\"kb-link-8\" target=\"_self\">http://technet.microsoft.com/security/bulletin/ms12-006</a></div> The bulletin provides more information about the issue and includes the following:<br/><ul class=\"sbody-free_list\"><li>The scenarios in which you might apply or disable the workaround </li><li>Mitigating factors</li><li>Workarounds</li><li>Frequently asked questions</li></ul>Specifically, to see this information, look for the <span class=\"text-base\">Vulnerability Information</span> section, and then expand the <span class=\"text-base\">Workarounds</span> paragraph under the <span class=\"text-base\">SSL and TLS Protocols Vulnerability - CVE-2011-3389</span> paragraph.<br/><h3 class=\"sbody-h3\">Fix it solution for TLS 1.1 on Internet Explorer</h3>To enable or disable this Fix it solution, click the <strong class=\"uiterm\">Fix it</strong> button or link under the <strong class=\"uiterm\">Enable</strong>\u00a0or <strong class=\"uiterm\">Disable</strong> heading. Click <strong class=\"uiterm\">Run</strong> in the<strong class=\"uiterm\"> File Download</strong> dialog box, and then follow the steps in the Fix it Wizard. 
<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Enable</th><th class=\"sbody-th\">Disable</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9784202\" text=\"Download\"></div></span></td><td class=\"sbody-td\"><span><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9784201\" text=\"Download\"></div></span></td></tr></table></div><h4 class=\"sbody-h4\">Notes</h4><ul class=\"sbody-free_list\"><li>These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows. </li><li>If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or a CD, and then you can run it on the computer that has the problem.\u00a0</li></ul><h3 class=\"sbody-h3\">Fix it solution for TLS 1.1 on Windows-based servers</h3>To enable or disable this Fix it solution, click the <strong class=\"uiterm\">Fix it</strong> button or link under the <strong class=\"uiterm\">Enable</strong>\u00a0or <strong class=\"uiterm\">Disable</strong> heading. Click <strong class=\"uiterm\">Run</strong> in the <strong class=\"uiterm\"> File Download</strong> dialog box, and then follow the steps in the Fix it Wizard. 
<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Enable</th><th class=\"sbody-th\">Disable</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9784203\" text=\"Download\"></div></span></td><td class=\"sbody-td\"><span><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9784204\" text=\"Download\"></div></span></td></tr></table></div><h4 class=\"sbody-h4\">Notes</h4><ul class=\"sbody-free_list\"><li>These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows. </li><li>If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or a CD, and then you can run it on the computer that has the problem.\u00a0</li></ul></div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Known issues with this security update</h3>After you install this security update, you may experience authentication failure or loss of connectivity to some HTTPS servers. This issue occurs because this security update changes the way that records are sent to HTTPS servers. <br/><br/>To temporarily disable or re-enable this security update, click the <strong class=\"uiterm\">Fix it</strong> button or link under the <strong class=\"uiterm\"> Disable the security update</strong>\u00a0or <strong class=\"uiterm\">Re-enable the security update</strong> heading. Click <strong class=\"uiterm\">Run</strong> in the<strong class=\"uiterm\"> File Download</strong> dialog box, and then follow the steps in the Fix it wizard. 
<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\"> Disable the security update </th><th class=\"sbody-th\"> Re-enable the security update </th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9796116\" text=\"Download\"></div></span></td><td class=\"sbody-td\"><span><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9796117\" text=\"Download\"></div></span></td></tr></table></div><span class=\"text-base\">Notes</span><ul class=\"sbody-free_list\"><li>These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows. </li><li>If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or a CD, and then you can run it on the computer that has the problem.\u00a0</li></ul>The following table shows the values that are applied by these Fix it solutions to the <span class=\"text-base\">SendExtraRecord</span> registry DWORD entry: <div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Heading </th><th class=\"sbody-th\"> Value applied to SendExtraRecord entry</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Disable the security update </td><td class=\"sbody-td\"> 2 </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Re-enable the security update </td><td class=\"sbody-td\"> 0 </td></tr></table></div><span class=\"text-base\">Note </span> The <span class=\"text-base\">SendExtraRecord</span> setting will be included in future releases of Windows. <h4 class=\"sbody-h4\">Known issues and additional information about this security update</h4>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. 
If this is the case, the known issue is listed below each article link:<br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2585542\" id=\"kb-link-9\">2585542 </a> MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012 </li><li><a href=\"https://support.microsoft.com/en-us/help/2638806\" id=\"kb-link-10\">2638806 </a> MS12-006: Description of the security update for Winhttp in Windows Server 2003 and Windows XP Professional x64 Edition: January 10, 2012 </li></ul><h3 class=\"sbody-h3\">Registry information</h3><span class=\"text-base\">Not recommended </span> We do not recommend that you use the following procedure to disable this security update. However, we provide this procedure for scenarios in which you may be using applications that are incompatible with this security update, which enables split SSL records for all applications. <br/><br/><span><span class=\"text-base\">Important </span>This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:<br/><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/322756\" id=\"kb-link-11\">322756 </a>How to back up and restore the registry in Windows </div></span><br/><br/>By default, this security update sets the Opt-in mode at the schannel level, because of application compatibility issues. 
To disable this security update for all applications system-wide, you must add a DWORD value that's named\u00a0<span class=\"text-base\">SendExtraRecord</span>\u00a0and that has a value of 2 to the following registry subkey: <div class=\"indent\"><strong class=\"sbody-strong\">HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL</strong></div>To add this schannel registry entry, follow these steps:<br/><ol class=\"sbody-num_list\"><li>Click <strong class=\"uiterm\">Start</strong>, click <strong class=\"uiterm\">Run</strong>, type <span class=\"sbody-userinput\">regedit</span> in the <strong class=\"uiterm\">Open</strong> box, and then click <strong class=\"uiterm\">OK</strong>. </li><li>Locate and then click the following subkey in the registry:<br/><div class=\"indent\"><strong class=\"sbody-strong\">HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL<br/></strong></div></li><li>On the <strong class=\"uiterm\">Edit</strong> menu, point to <strong class=\"uiterm\">New</strong>, and then click <strong class=\"uiterm\">DWORD Value</strong>. </li><li>Type <span class=\"sbody-userinput\">SendExtraRecord</span>\u00a0for the name of the DWORD value, and then press Enter.\u00a0</li><li>Right-click <span class=\"text-base\">SendExtraRecord</span>, and then click <strong class=\"uiterm\">Modify</strong>. </li><li>In the <strong class=\"uiterm\">Value data</strong> box, type <span class=\"sbody-userinput\">2</span> to disable the split record in schannel, and then click <strong class=\"uiterm\">OK</strong>.</li><li>Exit Registry Editor. 
</li></ol>This registry entry can have three values, and each value provides different modes of operation: <div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Reg-key Value </th><th class=\"sbody-th\">Description </th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">0</td><td class=\"sbody-td\">By default, schannel is included in \"Optin Mode.\" This means that this security update will work for all the callers who send the Secure flag to schannel. The \"SendExtraRecord\" schannel registry entry will not be created by the security package. Therefore, no schannel registry entry means the system is running this mode. If someone creates this registry key and sets the value to 0, schannel will again run in this mode. <br/><br/>This setting has the same effect as not creating this registry entry at all. Applications that send a Secure flag to schannel during session initialization will only exercise the fixed secure code path. For other applications, there will be no change in schannel behavior. <br/><br/>This security update also fixes the application layers that are involved in web browsing by using Internet Explorer to send the Secure flag, in order to help secure the browser usage scenarios. <br/><br/><span class=\"text-base\">Note</span>\u00a0In Windows Server 2003, security update 2638806 must be installed to help secure HTTP client applications that\u00a0use WinHTTP APIs. 
For more information, click the following article number to view the article in the Microsoft Knowledge Base:\u00a0<div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2638806\" id=\"kb-link-12\">2638806 </a> MS12-006: Description of the security update for Winhttp in Windows Server 2003 and Windows XP Professional x64 Edition: January 10, 2012 </div></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">1 </td><td class=\"sbody-td\">Setting the value to 1 means \"enabled for all.\" This means callers do not have to send the flag, and the schannel will split all SSL records. With this value set, applications do not have to make any changes. A customer who is very concerned about system security can help make their system safer by enabling this registry key. </td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"> 2 </td><td class=\"sbody-td\">Setting the value to 2 means \"disabled for all.\" This means that the schannel will not split the records for any encryption call that the application makes. This mode does not honor the Secure flag that an application sends. </td></tr></table></div>Based on internal testing, we found that you cannot feasibly set the registry value to 1 because it can break too many scenarios in an enterprise. Therefore, we discourage users from using it.<br/><h3 class=\"sbody-h3\">Known issues with enabling the SendExtraRecord registry entry</h3><ul class=\"sbody-free_list\"><li>Setting the SendExtraRecord registry value to 1 enforces record-splitting in every call to encrypt data in schannel. This occurs regardless of whether the caller sent the Secure flag during session initialization. </li><li>Many applications that use schannel are written so that the receiver side assumes application data will be packed into a single packet. This occurs even though the application calls schannel for decryption. The applications ignore a flag that is set by schannel. 
The flag indicates to the application that there is more data to be decrypted and picked up by the receiver. This method does not follow the MSDN-prescribed method of using schannel. Because the security update enforces record-splitting, this breaks such applications. </li><li>Broken applications include Microsoft products and in-box components. The following are examples of scenarios that may be broken when the SendExtraRecord registry value is set to 1:</li><li><ul class=\"sbody-free_list\"><li>All SQL products, and applications that are built onto SQL. </li><li>Terminal Servers that have Network Level Authentication (NLA) turned on. By default, NLA is enabled in Windows Vista and later versions of Windows.</li><li>Some Routing Remote Access Service (RRAS) scenarios. </li></ul></li></ul>Setting the SendExtraRecord registry value to 1 enforces the secure record-splitting for all applications that use Windows TLS/SSL. However, this setting is likely to have application compatibility issues. Therefore, we recommend that customers configure TLS 1.1 and TLS 1.2 instead of using this registry setting. TLS 1.1 and TLS 1.2 are not vulnerable to this issue. <br/><br/>If a user intends to use this registry setting, we recommend that they extensively test application compatibility before they implement it. 
Some common products that are known to be affected by this setting include Microsoft SQL products, Windows Terminal Server, and Windows Remote Access Server.<br/></div><h2>FAQ</h2><div class=\"kb-summary-section section\"><span class=\"text-base\">Q:</span> What can Microsoft do to help me fix my server-side application?<br/><span class=\"text-base\">A:</span> Make sure that your application can handle the Fragmentation of SSL/TLS application records, as described in the following RFCs:<br/><ul class=\"sbody-free_list\"><li><a href=\"http://www.ietf.org/rfc/rfc2246.txt\" id=\"kb-link-13\" target=\"_self\">TLS 1.0: http://www.ietf.org/rfc/rfc2246.txt paragraph 6.2.1</a></li><li><a href=\"http://www.ietf.org/rfc/rfc6101.txt\" id=\"kb-link-14\" target=\"_self\">SSL 3.0: http://www.ietf.org/rfc/rfc6101.txt paragraph 5.2.1</a></li></ul></div></body></html>", "edition": 2, "modified": "2014-04-17T04:49:25", "id": "KB2643584", "href": "https://support.microsoft.com/en-us/help/2643584/", "published": "2012-01-10T00:00:00", "title": "MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "ics": [{"lastseen": "2021-02-27T19:55:30", "bulletinFamily": "info", "cvelist": ["CVE-2011-3389"], "description": "## OVERVIEW\n\nSiemens has identified a BEAST (Browser Exploit Against SSL/TLS) attack vulnerability in Siemens Ruggedcom WIN products. This vulnerability was originally reported directly to Siemens ProductCERT by Dan Frein and Paul Cotter of West Monroe Partners. 
Siemens has produced a firmware update that fixes compatibility issues with BEAST mitigations of current browser versions.\n\nThis vulnerability could be exploited remotely.\n\n## AFFECTED PRODUCTS\n\nThe following Siemens Ruggedcom WIN product lines are affected:\n\n * WIN7000: all versions prior to v4.4,\n * WIN7200: all versions prior to v4.4,\n * WIN5100: all versions prior to v4.4, and\n * WIN5200: all versions prior to v4.4.\n\n## IMPACT\n\nAn attacker who successfully exploits a system using this vulnerability may be able to access the session ID of the user\u2019s current web session. If combined with a social engineering attack, the attacker may be able to read traffic exchanged between the user and the device.\n\nImpact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSiemens is a multinational company headquartered in Munich, Germany.\n\nThe Ruggedcom WIN product line is a family of products compliant with the WiMAX 802.16e Wave 2 mobile broadband wireless standard. The product family includes a variety of base stations and subscriber stations. Siemens estimates that these products are used primarily in the United States and Europe with a small percentage in Asia.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### IMPROPER INPUT VALIDATIONa\n\nThe SSL/TLS secured web interface of the affected products is vulnerable to the BEAST attack. As it uses SSL libraries, which are not compatible with 1/n-1 record splitting, some newer browser versions are not able to connect to the web interface.\n\nCVE-2011-3389b has been assigned to this vulnerability. 
A CVSS v2 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:P/I:N/A:N).c\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nNo known public exploits specifically target this vulnerability.\n\n#### DIFFICULTY\n\nAn attacker with moderate skill would be able to exploit this vulnerability.\n\n## MITIGATION\n\nSiemens has provided a firmware update (Ruggedcom WIN v4.4) that supports the mitigation technique and recommends that customers update to this version. The update does not fix the BEAST vulnerability itself. After the update, it is possible for customers to securely access the web interface with current version browsers, as the mitigation for the BEAST attack is contained in the browser code.\n\nFor more information on this vulnerability and detailed instructions, please see Siemens Security Advisory SSA-353456 at the following location:\n\n<http://www.siemens.com/cert/advisories>\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. 
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * aCWE-20: Improper Input Validation, http://cwe.mitre.org/data/definitions/20.html, web site last accessed April 08, 2014.\n * bNVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389, web site last accessed April 08, 2014.\n * cCVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:P/I:N/A:N, web site last accessed April 08, 2014.\n", "modified": "2018-09-06T00:00:00", "published": "2014-04-08T00:00:00", "id": "ICSA-14-098-03", "href": "https://www.us-cert.gov/ics/advisories/ICSA-14-098-03", "type": "ics", "title": "Siemens Ruggedcom WIN Products BEAST Attack Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}