Lucene search

K
ibmIBM9FD583B4EB98DE738D4995A7051ACB001233C81BBDFA0CEB3450CE85EA2D30A9
HistoryJan 19, 2023 - 8:14 p.m.

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

2023-01-1920:14:45
www.ibm.com
26

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.8%

Summary

There are multiple vulnerabilities in Curl that affect PowerSC.

Vulnerability Details

CVEID:CVE-2022-32206
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a flaw in the number of acceptable “links” in the “chained” HTTP compression algorithms. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to insert a virtually unlimited number of compression steps, and results in a denial of service condition.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229740 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-32207
**DESCRIPTION:**cURL libcurl could allow a remote attacker to obtain sensitive information, caused by improper preservation of permissions when saving cookies, alt-svc and hsts data to local files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229741 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-32208
**DESCRIPTION:**cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to inject data to the client…
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229742 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-32205
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by an issue with the ability to set excessive amounts of Set-Cookie: headers in a HTTP response to curl by a server. By persuading a victim to connect a specially-crafted server, a remote attacker could exploit this vulnerability to create requests that become larger than the threshold, and results in a denial of service condition.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229739 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-35252
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a flaw when cookies contain control codes are later sent back to an HTTP(S) server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a “sister site” to deny service to siblings.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234980 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
PowerSC 1.3, 2.0, 2.1

The vulnerabilities in the following filesets are being addressed:

Fileset Lower Level Upper Level
powerscStd.tnc_pm 1.3.0.4 2.1.0.4
curl-7.85.0-1.aix7.1.ppc.rpm 7.19.4 7.83.1

Note: To find out whether the affected PowerSC filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide. To find out whether the affected curl filesets are installed on your systems, refer to the rpm command found in AIX user’s guide.

Example: lslpp -l | grep powerscStd

Example: rpm -qa | grep curl

Remediation/Fixes

A. FIXES

IBM highly recommends addressing the vulnerabilities now.

The fixes can be downloaded via ftp or http from:

ftp://aix.software.ibm.com/aix/efixes/powersc/security/curl_fix9.tar

<http://aix.software.ibm.com/aix/efixes/powersc/security/curl_fix9.tar&gt;

<https://aix.software.ibm.com/aix/efixes/powersc/security/curl_fix9.tar&gt;

The link above is to a tar file containing this signed advisory, open source fix packages, and OpenSSL signatures for each package.

To extract the fixes from the tar file:

tar xvf curl_fix9.tar

cd curl_fix9

Verify you have retrieved the fixes intact:

The checksums below were generated using the “openssl dgst -sha256 [filename]” command as the following:

openssl dgst -sha256 filename
77a5e41cca844667283272b571317056f79302d983d75c627bbeaca5d3845172 curl-7.85.0-1.aix7.1.ppc.rpm

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes. If the sums or signatures cannot be confirmed, contact IBM Support.

openssl dgst -sha256 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]

openssl dgst -sha256 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]

Published advisory OpenSSL signature file location:

<http://aix.software.ibm.com/aix/efixes/powersc/security/curl_advisory9.asc.sig&gt;

<https://aix.software.ibm.com/aix/efixes/powersc/security/curl_advisory9.asc.sig&gt;

ftp://aix.software.ibm.com/aix/efixes/powersc/security/curl_advisory9.asc.sig

B. FIX AND INTERIM FIX INSTALLATION

IMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To extract the fixes from the tar file:

tar xvf curl_fix9.tar

cd curl_fix9

To install a fix package:

rpm -ivh *.rpm

rpm -Uvh *.rpm

To install any dependencies along with the fix package:

yum update curl

Workarounds and Mitigations

None

CPENameOperatorVersion
powersc standard editioneq2.1

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.8%

Related for 9FD583B4EB98DE738D4995A7051ACB001233C81BBDFA0CEB3450CE85EA2D30A9