Lucene search
UbuntuUSN-818-1HistoryAug 17, 2009 - 12:00 a.m.
curl vulnerability
2009-08-1700:00:00
ubuntu.com
43
7.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
50.2%
Releases
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
- Ubuntu 6.06
Packages
- curl -
Details
Scott Cantor discovered that Curl did not correctly handle SSL
certificates with zero bytes in the Common Name. A remote attacker could
exploit this to perform a machine-in-the-middle attack to view sensitive
information or alter encrypted communications.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.04 | noarch | libcurl3 | < 7.18.2-8ubuntu4.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | curl | < 7.18.2-8ubuntu4.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libcurl3-dbg | < 7.18.2-8ubuntu4.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libcurl3-gnutls | < 7.18.2-8ubuntu4.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libcurl4-gnutls-dev | < 7.18.2-8ubuntu4.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libcurl4-openssl-dev | < 7.18.2-8ubuntu4.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libcurl3 | < 7.18.2-1ubuntu4.4 | UNKNOWN |
| Ubuntu | 8.10 | noarch | curl | < 7.18.2-1ubuntu4.4 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libcurl3-dbg | < 7.18.2-1ubuntu4.4 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libcurl3-gnutls | < 7.18.2-1ubuntu4.4 | UNKNOWN |
References
Related
altlinux
altlinux
Security fix for the ALT Linux 6 package curl version 7.19.6-alt1
2009-08-13 00:00:00
Security fix for the ALT Linux 8 package curl version 7.19.6-alt1
2009-08-13 00:00:00
openvas
openvas
CentOS Update for curl CESA-2009:1209 centos5 i386
2011-08-09 00:00:00
SLES11: Security update for curl
2009-10-11 00:00:00
SLES9: Security update for curl
2009-10-10 00:00:00
nessus
nessus
Debian DSA-1869-1 : curl - insufficient input validation
2010-02-24 00:00:00
RHEL 3 / 4 / 5 : curl (RHSA-2009:1209)
2009-08-18 00:00:00
Oracle Linux 3 / 4 / 5 : curl (ELSA-2009-1209)
2013-07-12 00:00:00
debian
debian
slackware
slackware
curl
2009-08-14 15:21:33
redhat
redhat
(RHSA-2009:1209) Moderate: curl security update
2009-08-13 00:00:00
oraclelinux
oraclelinux
curl security update
2009-08-13 00:00:00
curl security, bug fix and enhancement update
2010-04-05 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:35:32
centos
centos
curl security update
2009-08-14 02:34:58
gentoo
gentoo
cURL: Certificate validation error
2009-09-25 00:00:00
ubuntucve
ubuntucve
CVE-2009-2417
2009-08-14 00:00:00
securityvulns
securityvulns
cURL / libcurl SSL certificate spoofing
2009-08-17 00:00:00
[ MDVSA-2009:203 ] curl
2009-08-17 00:00:00
[USN-1158-1] curl vulnerabilities
2011-06-28 00:00:00
prion
prion
Design/Logic Flaw
2009-08-14 15:16:00
debiancve
debiancve
CVE-2009-2417
2009-08-14 15:16:00
cve
cve
CVE-2009-2417
2009-08-14 15:16:00
ubuntu
ubuntu
curl vulnerabilities
2011-06-24 00:00:00
vmware
vmware
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44
7.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
50.2%
Related for USN-818-1