Updated curl packages fix security vulnerabilities related to NTLM authentication, connection reuse, and SSL certificate validation
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
F5 Networks | K15862 : Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139 | 25 Nov 201400:00 | – | f5 |
F5 Networks | SOL15862 - Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139 | 25 Nov 201400:00 | – | f5 |
F5 Networks | K16704 : cURL and libcurl vulnerability CVE-2015-3143 | 29 May 201500:00 | – | f5 |
F5 Networks | SOL16704 - cURL and libcurl vulnerability CVE-2015-3143 | 29 May 201500:00 | – | f5 |
Mageia | Updated curl packages fix multiple vulnerabilities | 3 Apr 201404:56 | – | mageia |
Mageia | Updated lftp packages fix CVE-2014-0139 | 24 Apr 201500:14 | – | mageia |
OpenVAS | Mageia: Security Advisory (MGASA-2014-0153) | 28 Jan 202200:00 | – | openvas |
OpenVAS | Ubuntu Update for curl USN-2167-1 | 15 Apr 201400:00 | – | openvas |
OpenVAS | Debian Security Advisory DSA 2902-1 (curl - security update) | 13 Apr 201400:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-2167-1) | 15 Apr 201400:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2014:110.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(74418);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0139");
script_bugtraq_id(65270, 66457, 66458);
script_xref(name:"MDVSA", value:"2014:110");
script_name(english:"Mandriva Linux Security Advisory : curl (MDVSA-2014:110)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated curl packages fix security vulnerabilities :
Paras Sethia discovered that libcurl would sometimes mix up multiple
HTTP and HTTPS connections with NTLM authentication to the same
server, sending requests for one user over the connection
authenticated as a different user (CVE-2014-0015).
libcurl can in some circumstances re-use the wrong connection when
asked to do transfers using other protocols than HTTP and FTP, causing
a transfer that was initiated by an application to wrongfully re-use
an existing connection to the same server that was authenticated using
different credentials (CVE-2014-0138).
libcurl incorrectly validates wildcard SSL certificates containing
literal IP addresses, so under certain conditions, it would allow and
use a wildcard match specified in the CN field, allowing a malicious
server to participate in a MITM attack or just fool users into
believing that it is a legitimate site (CVE-2014-0139)."
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0153.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:curl-examples");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64curl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64curl4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"curl-7.24.0-3.5.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"curl-examples-7.24.0-3.5.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64curl-devel-7.24.0-3.5.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64curl4-7.24.0-3.5.mbs1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo