Lucene search
K

Debian: Security Advisory (DSA-4331-1)

🗓️ 01 Nov 2018 00:00:00Reported by Copyright (C) 2018 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 58 Views

The remote host is missing an update for the Debian 'curl' package(s) announced via the DSA-4331-1 advisory. Two vulnerabilities were discovered in cURL, an URL transfer library. For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u8. We recommend that you upgrade your curl packages. [Link moved to references

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842)
7 Dec 202322:45
ibm
IBM Security Bulletins
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in cURL (CVE-2018-16840 CVE-2018-16842)
7 Dec 202322:45
ibm
IBM Security Bulletins
Security Bulletin: IBM MQ Advanced Cloud Pak is vulnerable to a buffer overflow in the curl command (CVE-2018-16842)
7 May 201917:15
ibm
IBM Security Bulletins
Security Bulletin: A security vulnerability has been identified in Red Hat® Enterprise Linux (RHEL) Server shipped with PurePower Integrated Manager (PPIM)
20 Dec 201908:47
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private - fluentd
12 Feb 201918:05
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Curl used in OS image for RedHat Enterprise Linux for Cloud Pak System (CVE-2018-16842)
6 May 202012:02
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in libCurl affects IBM Watson Studio Local
20 Dec 201913:58
ibm
IBM Security Bulletins
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u
5 Dec 201822:20
ibm
IBM Security Bulletins
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in cURL (CVE-2018-16840 CVE-2018-16842)
11 Apr 201920:35
ibm
IBM Security Bulletins
Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities
17 Dec 201816:15
ibm
Rows per page
# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.704331");
  script_cve_id("CVE-2018-16839", "CVE-2018-16842");
  script_tag(name:"creation_date", value:"2018-11-01 23:00:00 +0000 (Thu, 01 Nov 2018)");
  script_version("2024-02-02T05:06:06+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:06 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-12-07 16:25:32 +0000 (Fri, 07 Dec 2018)");

  script_name("Debian: Security Advisory (DSA-4331-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2018 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB9");

  script_xref(name:"Advisory-ID", value:"DSA-4331-1");
  script_xref(name:"URL", value:"https://www.debian.org/security/2018/DSA-4331-1");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-4331");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/curl");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'curl' package(s) announced via the DSA-4331-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Two vulnerabilities were discovered in cURL, an URL transfer library.

CVE-2018-16839

Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated instead of the intended very huge one, which would trigger a heap buffer overflow when the buffer is used.

CVE-2018-16842

Brian Carpenter discovered that the logic in the curl tool to wrap error messages at 80 columns is flawed, leading to a read buffer overflow if a single word in the message is itself longer than 80 bytes.

For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u8.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to its security tracker page at: [link moved to references]");

  script_tag(name:"affected", value:"'curl' package(s) on Debian 9.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB9") {

  if(!isnull(res = isdpkgvuln(pkg:"curl", ver:"7.52.1-5+deb9u8", rls:"DEB9"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libcurl3", ver:"7.52.1-5+deb9u8", rls:"DEB9"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libcurl3-dbg", ver:"7.52.1-5+deb9u8", rls:"DEB9"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libcurl3-gnutls", ver:"7.52.1-5+deb9u8", rls:"DEB9"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libcurl3-nss", ver:"7.52.1-5+deb9u8", rls:"DEB9"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libcurl4-doc", ver:"7.52.1-5+deb9u8", rls:"DEB9"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libcurl4-gnutls-dev", ver:"7.52.1-5+deb9u8", rls:"DEB9"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libcurl4-nss-dev", ver:"7.52.1-5+deb9u8", rls:"DEB9"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"libcurl4-openssl-dev", ver:"7.52.1-5+deb9u8", rls:"DEB9"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Feb 2024 00:00Current
9.3High risk
Vulners AI Score9.3
CVSS 27.5
CVSS 34.4 - 9.8
EPSS0.05782
SSVC
58