Lucene search
Copyright (C) 2020 Greenbone AGOPENVAS:1361412562311220191002HistoryJan 23, 2020 - 12:00 a.m.
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1002)
2020-01-2300:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
10
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
77.6%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2019.1002");
script_cve_id("CVE-2017-1000100", "CVE-2018-1000007");
script_tag(name:"creation_date", value:"2020-01-23 11:26:52 +0000 (Thu, 23 Jan 2020)");
script_version("2024-02-05T14:36:56+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-02-09 20:17:39 +0000 (Fri, 09 Feb 2018)");
script_name("Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1002)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP5");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2019-1002");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2019-1002");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'curl' package(s) announced via the EulerOS-SA-2019-1002 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities.(CVE-2018-1000007)
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.(CVE-2017-1000100)");
script_tag(name:"affected", value:"'curl' package(s) on Huawei EulerOS V2.0SP5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"curl", rpm:"curl~7.29.0~46.h7.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libcurl", rpm:"libcurl~7.29.0~46.h7.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libcurl-devel", rpm:"libcurl-devel~7.29.0~46.h7.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1401)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1206)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1427)
2020-01-23 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1401)
2018-12-10 00:00:00
EulerOS Virtualization 2.5.4 : curl (EulerOS-SA-2019-1206)
2019-04-09 00:00:00
EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1002)
2019-01-08 00:00:00
redhatcve
redhatcve
CVE-2017-1000100
2017-08-09 06:49:28
CVE-2018-1000007
2018-01-24 08:19:31
veracode
veracode
Information Disclosure
2018-06-13 08:11:02
Information Disclosure
2019-01-15 09:25:18
osv
osv
CVE-2017-1000100
2017-10-05 01:29:04
curl - security update
2017-08-20 00:00:00
curl - security update
2018-01-29 00:00:00
ibm
ibm
cve
cve
CVE-2017-1000100
2017-10-05 01:29:00
CVE-2018-1000007
2018-01-24 22:29:00
CVE-2021-31879
2021-04-29 05:15:00
debian
debian
[SECURITY] [DLA 1062-1] curl security update
2017-08-20 16:48:29
[SECURITY] [DLA 1263-1] curl security update
2018-01-29 21:39:06
[SECURITY] [DSA 4098-1] curl security update
2018-01-26 09:59:00
ubuntucve
ubuntucve
CVE-2017-1000100
2017-10-04 00:00:00
CVE-2018-1000007
2018-01-24 00:00:00
CVE-2021-27023
2021-11-18 00:00:00
debiancve
debiancve
CVE-2017-1000100
2017-10-05 01:29:00
CVE-2018-1000007
2018-01-24 22:29:00
CVE-2019-15052
2019-08-14 20:15:00
prion
prion
Heap overflow
2017-10-05 01:29:00
Authentication flaw
2018-01-24 22:29:00
Authorization
2021-04-29 05:15:00
alpinelinux
alpinelinux
CVE-2017-1000100
2017-10-05 01:29:00
CVE-2021-31879
2021-04-29 05:15:00
freebsd
freebsd
cURL -- Multiple vulnerabilities
2018-01-24 00:00:00
puppet -- Unsafe HTTP Redirect
2021-11-09 00:00:00
cURL -- multiple vulnerabilities
2017-08-09 00:00:00
ubuntu
ubuntu
curl vulnerability
2018-02-01 00:00:00
curl vulnerabilities
2018-01-31 00:00:00
curl vulnerabilities
2017-10-10 00:00:00
hackerone
hackerone
curl: Proxy-Authorization header carried to a new host on a redirect
2021-01-25 02:37:39
symantec
symantec
cURL/libcURL CVE-2018-1000007 Information Disclosure Vulnerability
2018-01-24 00:00:00
rubygems
rubygems
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
2021-12-01 21:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: curl-7.53.1-10.fc26
2017-08-13 20:56:17
[SECURITY] Fedora 25 Update: curl-7.51.0-9.fc25
2017-08-14 00:56:15
[SECURITY] Fedora 26 Update: curl-7.53.1-14.fc26
2018-01-30 17:34:43
cloudfoundry
cloudfoundry
USN-3554-1: curl vulnerabilities | Cloud Foundry
2018-03-01 00:00:00
USN-3441-1: curl vulnerabilities | Cloud Foundry
2017-11-01 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.58.0-alt1
2018-01-24 00:00:00
Security fix for the ALT Linux 8 package curl version 7.55.0-alt1
2017-08-09 00:00:00
github
github
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
2021-12-02 17:52:45
Potential leak of authentication data to 3rd parties
2023-04-27 14:02:11
amazon
amazon
archlinux
archlinux
[ASA-201801-25] lib32-libcurl-gnutls: multiple issues
2018-01-29 00:00:00
[ASA-201801-20] curl: multiple issues
2018-01-28 00:00:00
[ASA-201801-26] lib32-libcurl-compat: multiple issues
2018-01-29 00:00:00
slackware
slackware
[slackware-security] curl
2018-01-25 02:28:38
[slackware-security] curl
2017-08-09 20:47:02
mageia
mageia
Updated curl packages fix security vulnerabilities
2017-08-19 12:58:33
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-09-17 00:00:00
cURL: Multiple vulnerabilities
2018-04-08 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0108
2018-02-14 00:00:00
Critical Photon OS Security Update - PHSA-2017-0082
2017-11-08 00:00:00
Critical Photon OS Security Update - PHSA-2018-0108
2018-02-14 00:00:00
redhat
redhat
(RHSA-2020:0544) Moderate: curl security update
2020-02-18 13:56:21
(RHSA-2018:3157) Moderate: curl and nss-pem security and bug fix update
2018-10-30 04:24:21
(RHSA-2020:0594) Moderate: curl security update
2020-02-25 11:32:48
rosalinux
rosalinux
Advisory ROSA-SA-2021-1996
2021-07-02 18:19:54
oraclelinux
oraclelinux
curl and nss-pem security and bug fix update
2018-11-05 00:00:00
centos
centos
curl, libcurl, nss security update
2018-11-15 18:44:09
suse
suse
Security update for CaaS Platform 1.0 images (important)
2017-09-14 21:11:54
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
77.6%
Related for OPENVAS:1361412562311220191002