Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:1361412562311220221202HistoryFeb 26, 2022 - 12:00 a.m.
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1202)
2022-02-2600:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
2
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.1 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.5%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2022.1202");
script_cve_id("CVE-2021-22946", "CVE-2021-22947");
script_tag(name:"creation_date", value:"2022-02-26 03:21:18 +0000 (Sat, 26 Feb 2022)");
script_version("2024-02-05T14:36:56+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-10-08 02:21:39 +0000 (Fri, 08 Oct 2021)");
script_name("Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1202)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP10");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2022-1202");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2022-1202");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'curl' package(s) announced via the EulerOS-SA-2022-1202 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.(CVE-2021-22947)
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.(CVE-2021-22946)");
script_tag(name:"affected", value:"'curl' package(s) on Huawei EulerOS V2.0SP10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP10") {
if(!isnull(res = isrpmvuln(pkg:"curl", rpm:"curl~7.71.1~4.h12.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"curl-help", rpm:"curl-help~7.71.1~4.h12.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libcurl", rpm:"libcurl~7.71.1~4.h12.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libcurl-devel", rpm:"libcurl-devel~7.71.1~4.h12.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
SUSE SLES11 Security Update : curl (SUSE-SU-2021:14807-1)
2021-09-24 00:00:00
RHEL 8 : curl (RHSA-2021:4059)
2021-11-02 00:00:00
Debian DLA-2773-1 : curl - LTS security update
2021-10-03 00:00:00
oraclelinux
oraclelinux
curl security update
2021-11-02 00:00:00
almalinux
almalinux
Moderate: curl security update
2021-11-02 07:49:01
osv
osv
curl vulnerabilities
2021-09-15 12:34:55
curl - security update
2021-09-30 00:00:00
Moderate: curl security update
2021-11-02 07:49:01
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1370)
2022-04-13 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1221)
2022-02-26 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1003)
2022-01-28 00:00:00
redhat
redhat
(RHSA-2022:0635) Moderate: curl security update
2022-02-22 14:34:54
(RHSA-2021:4059) Moderate: curl security update
2021-11-02 07:49:01
(RHSA-2022:1354) Moderate: rh-dotnet31-curl security update
2022-04-13 13:42:42
ubuntu
ubuntu
curl regression
2021-09-21 00:00:00
curl vulnerabilities
2021-09-15 00:00:00
curl vulnerabilities
2021-09-21 00:00:00
suse
suse
Security update for curl (moderate)
2021-10-06 00:00:00
Security update for curl (moderate)
2021-10-18 00:00:00
ibm
ibm
rocky
rocky
curl security update
2021-11-02 07:49:01
debian
debian
[SECURITY] [DLA 2773-1] curl security update
2021-09-30 21:58:49
[SECURITY] [DLA 3085-1] curl security update
2022-08-28 23:00:51
[SECURITY] [DSA 5197-1] curl security update
2022-08-01 16:58:44
amazon
amazon
Medium: curl
2021-11-10 22:13:00
Medium: curl
2021-12-08 02:22:00
photon
photon
slackware
slackware
[slackware-security] curl
2021-09-16 03:11:12
cloudfoundry
cloudfoundry
USN-5079-1: curl vulnerabilities | Cloud Foundry
2021-10-28 00:00:00
freebsd
freebsd
cURL -- Multiple vulnerabilities
2021-09-15 00:00:00
MySQL -- Multiple vulnerabilities
2022-01-18 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2021-09-23 07:49:29
fedora
fedora
[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35
2021-11-03 01:12:29
[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34
2021-09-21 15:33:29
[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33
2021-10-02 01:10:15
alpinelinux
alpinelinux
CVE-2021-22946
2021-09-29 20:15:00
CVE-2021-22947
2021-09-29 20:15:00
hackerone
hackerone
curl: CVE-2021-22946: Protocol downgrade required TLS bypassed
2021-09-09 00:34:37
curl: CVE-2021-22947: STARTTLS protocol injection via MITM
2021-09-09 14:00:44
redhatcve
redhatcve
CVE-2021-22946
2021-09-15 06:52:15
CVE-2021-22947
2021-09-15 07:22:02
cve
cve
CVE-2021-22946
2021-09-29 20:15:00
CVE-2021-22947
2021-09-29 20:15:00
prion
prion
Design/Logic Flaw
2021-09-29 20:15:00
Code injection
2021-09-29 20:15:00
veracode
veracode
Man-In-The-Middle Attack (MitM)
2021-09-17 21:34:37
Denial Of Service (DoS)
2021-09-17 21:34:33
debiancve
debiancve
CVE-2021-22947
2021-09-29 20:15:00
CVE-2021-22946
2021-09-29 20:15:00
ubuntucve
ubuntucve
CVE-2021-22947
2021-09-15 00:00:00
CVE-2021-22946
2021-09-15 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-22947 affecting package curl 7.76.0-9
2021-10-05 03:00:51
CVE-2021-22946 affecting package curl 7.76.0-9
2021-10-05 03:00:51
CVE-2021-22946 affecting package curl for versions less than 7.82.0-1
2022-04-09 06:51:45
mscve
mscve
Open Source Curl Remote Code Execution Vulnerability
2022-01-11 08:00:00
krebs
krebs
‘Wormable’ Flaw Leads January 2022 Patch Tuesday
2022-01-11 22:18:55
malwarebytes
malwarebytes
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
hivepro
hivepro
Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws
2022-01-12 07:30:07
thn
thn
threatpost
threatpost
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
2022-01-11 21:54:57
ics
ics
Siemens RUGGEDCOM ROX
2023-07-13 12:00:00
Siemens SINEC INS
2022-03-10 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
apple
apple
About the security content of macOS Monterey 12.3
2022-03-14 00:00:00
mskb
mskb
January 11, 2022—KB5009566 (OS Build 22000.434)
2022-01-11 08:00:00
January 11, 2022—KB5009545 (OS Build 18363.2037)
2022-01-11 08:00:00
January 11, 2022—KB5009557 (OS Build 17763.2452)
2022-01-11 08:00:00
kaspersky
kaspersky
KLA12422 Multiple vulnerabilities in Microsoft Windows
2022-01-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2022
2022-01-11 21:41:56
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.1 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.5%
Related for OPENVAS:1361412562311220221202