Lucene search
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2578)
🗓️ 08 Aug 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 24 Views
Security Advisory for curl on Huawei EulerO
Show more
| Reporter | Title | Published | Views | Family All 199 |
|---|---|---|---|---|
 | RHEL 9 : curl (RHSA-2023:5598) | 10 Oct 202300:00 | – | nessus |
| EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2023-2953) | 16 Jan 202400:00 | – | nessus |
| EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2023-2556) | 2 Aug 202300:00 | – | nessus |
| Ubuntu 16.04 ESM / 18.04 ESM : curl vulnerabilities (USN-6237-3) | 11 Sep 202300:00 | – | nessus |
| Fedora 38 : curl (2023-37eac50e9b) | 7 Jun 202300:00 | – | nessus |
| EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2023-2979) | 16 Jan 202400:00 | – | nessus |
| EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2578) | 8 Aug 202300:00 | – | nessus |
| EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2023-2537) | 2 Aug 202300:00 | – | nessus |
| Fedora 37 : curl (2023-8ed627bb04) | 8 Jun 202300:00 | – | nessus |
| EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-2350) | 18 Jul 202300:00 | – | nessus |
10
| Source | Link |
|---|---|
| developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2023.2578");
script_cve_id("CVE-2023-28321", "CVE-2023-28322");
script_tag(name:"creation_date", value:"2023-08-08 04:15:41 +0000 (Tue, 08 Aug 2023)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"5.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:C/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-06-16 19:17:39 +0000 (Fri, 16 Jun 2023)");
script_name("Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2578)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP9\-X86_64");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-2578");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-2578");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'curl' package(s) announced via the EulerOS-SA-2023-2578 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subject Alternative Name' in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.(CVE-2023-28321)
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.(CVE-2023-28322)");
script_tag(name:"affected", value:"'curl' package(s) on Huawei EulerOS V2.0SP9(x86_64).");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP9-x86_64") {
if(!isnull(res = isrpmvuln(pkg:"curl", rpm:"curl~7.69.1~2.h23.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libcurl", rpm:"libcurl~7.69.1~2.h23.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo08 Aug 2023 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS35.9
EPSS0.00172
SSVC