Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 Tenable Network Security, Inc.OPENSUSE-2012-76.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)

2014-06-1300:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
7
JSON

  • Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452, CVE-2012-0036)

    • Disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option when built against an older OpenSSL version (CVE-2010-4180).

    • Don’t enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (bnc#742306, CVE-2011-3389).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-76.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74807);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id("CVE-2010-4180", "CVE-2011-3389", "CVE-2012-0036");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"- Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452,
    CVE-2012-0036)

  - Disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option
    when built against an older OpenSSL version
    (CVE-2010-4180).

  - Don't enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
    (bnc#742306, CVE-2011-3389).");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=740452");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=742306");
  script_set_attribute(attribute:"solution", value:
"Update the affected curl packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"curl-7.22.0-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"curl-debuginfo-7.22.0-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libcurl-devel-7.22.0-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libcurl4-7.22.0-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libcurl4-debuginfo-7.22.0-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libcurl4-32bit-7.22.0-2.3.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libcurl4-debuginfo-32bit-7.22.0-2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / libcurl-devel / libcurl4-32bit / libcurl4 / etc");
}
VendorProductVersionCPE
novellopensusecurlp-cpe:/a:novell:opensuse:curl
novellopensusecurl-debuginfop-cpe:/a:novell:opensuse:curl-debuginfo
novellopensuselibcurl-develp-cpe:/a:novell:opensuse:libcurl-devel
novellopensuselibcurl4p-cpe:/a:novell:opensuse:libcurl4
novellopensuselibcurl4-32bitp-cpe:/a:novell:opensuse:libcurl4-32bit
novellopensuselibcurl4-debuginfop-cpe:/a:novell:opensuse:libcurl4-debuginfo
novellopensuselibcurl4-debuginfo-32bitp-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit
novellopensuse12.1cpe:/o:novell:opensuse:12.1

Related

nessus 46
osv 3
openvas 66
debian 4
gentoo 1
securityvulns 5
ubuntucve 4
cve 4
fedora 20
prion 4
debiancve 4
ubuntu 2
veracode 3
openssl 1
altlinux 5
f5 5
redhat 2
checkpoint_security 1
ibm 7
cert 1
checkpoint_advisories 2
seebug 1
ics 1
mskb 1
freebsd 1
rubygems 1
slackware 1
oraclelinux 2
centos 1
nessus
nessus
openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : curl (MDVSA-2012:058)
2012-04-16 00:00:00
Debian DSA-2398-2 : curl - several vulnerabilities (BEAST)
2012-01-31 00:00:00
osv
osv
curl - several
2012-03-31 00:00:00
openssl - protocol design flaw
2011-01-06 00:00:00
nss - protocol design flaw
2011-01-06 00:00:00
openvas
openvas
Mandriva Update for curl MDVSA-2012:058 (curl)
2012-08-03 00:00:00
Debian Security Advisory DSA 2398-1 (curl)
2012-02-12 00:00:00
Debian Security Advisory DSA 2398-1 (curl)
2012-02-12 00:00:00
debian
debian
[SECURITY] [DSA 2398-1] curl security update
2012-01-30 19:49:07
[SECURITY] [DSA 2398-2] curl regression
2012-03-31 19:38:57
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
2011-01-05 23:18:09
gentoo
gentoo
cURL: Multiple vulnerabilities
2012-03-06 00:00:00
securityvulns
securityvulns
[USN-1346-1] curl vulnerability
2012-02-08 00:00:00
curl data injection
2012-02-08 00:00:00
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2014-05-05 00:00:00
ubuntucve
ubuntucve
CVE-2012-0036
2012-01-24 00:00:00
CVE-2010-4180
2010-12-06 00:00:00
CVE-2011-3389
2011-11-16 00:00:00
cve
cve
CVE-2012-0036
2012-04-13 20:55:00
CVE-2010-4180
2010-12-06 21:05:00
CVE-2011-3389
2011-09-06 19:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: curl-7.21.7-6.fc16
2012-01-28 03:31:08
[SECURITY] Fedora 15 Update: nss-util-3.13.1-3.fc15
2012-01-22 05:26:28
[SECURITY] Fedora 15 Update: xulrunner-9.0.1-1.fc15
2012-01-22 05:26:29
prion
prion
Crlf injection
2012-04-13 20:55:00
Session fixation
2010-12-06 21:05:00
Session fixation
2011-09-06 19:55:00
debiancve
debiancve
CVE-2012-0036
2012-04-13 20:55:00
CVE-2010-4180
2010-12-06 21:05:00
CVE-2011-3389
2011-09-06 19:55:00
ubuntu
ubuntu
curl vulnerability
2012-01-24 00:00:00
OpenSSL vulnerabilities
2010-12-08 00:00:00
veracode
veracode
Insecure TLS Configuration
2020-04-10 00:56:26
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
Blockwise Chosen-boundary Attacks
2017-04-27 06:38:37
openssl
openssl
Vulnerability in OpenSSL CVE-2010-4180
2010-12-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0c-alt1
2011-02-01 00:00:00
f5
f5
SOL12543 - OpenSSL vulnerability CVE-2010-4180
2011-01-26 00:00:00
K12543 : OpenSSL vulnerability CVE-2010-4180
2013-07-05 00:00:00
SOL12853 - OpenSSL vulnerability CVE-2008-7270
2011-05-24 00:00:00
redhat
redhat
(RHSA-2010:0979) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2010:0978) Moderate: openssl security update
2010-12-13 00:00:00
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)
2018-06-18 00:09:28
Security Bulletin: IBM System x and Flex Systems Browser Exploit Against SSL/TLS (BEAST) Mitigations (CVE-2011-3389)
2022-05-16 16:03:13
Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)
2023-03-29 01:48:02
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against SSL and TLS Protocols Information Disclosure (MS12-006; CVE-2011-3389)
2012-01-10 00:00:00
Web Servers SSL Flooding Denial of Service (CVE-2011-3389)
2011-11-06 00:00:00
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
mskb
mskb
MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012
2012-01-10 00:00:00
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
rubygems
rubygems
CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
2011-08-31 00:00:00
slackware
slackware
[slackware-security] openssl
2010-12-07 07:14:58
oraclelinux
oraclelinux
openssl security update
2011-02-10 00:00:00
openssl security update
2010-12-13 00:00:00
centos
centos
openssl security update
2010-12-14 01:19:08
JSON
Related for OPENSUSE-2012-76.NASL
nessus46osv3openvas66debian4gentoo1securityvulns5ubuntucve4cve4fedora20prion4debiancve4ubuntu2veracode3openssl1altlinux5f55redhat2checkpoint_security1ibm7cert1checkpoint_advisories2seebug1ics1mskb1freebsd1rubygems1slackware1oraclelinux2centos1