Vulnerabilities > CVE-2007-3564 - Unspecified vulnerability in Libcurl

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
libcurl
nessus
NVD
Published: 2007-07-18
Updated: 2024-11-21

Summary

libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.

Vulnerable Configurations

Part Description Count
Application
Libcurl
7

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1333.NASL
    descriptionIt has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates.
    last seen2020-06-01
    modified2020-06-02
    plugin id25742
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25742
    titleDebian DSA-1333-1 : libcurl3-gnutls - missing input validation
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1333. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(25742);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2007-3564");
  script_xref(name:"DSA", value:"1333");

  script_name(english:"Debian DSA-1333-1 : libcurl3-gnutls - missing input validation");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It has been discovered that the GnuTLS certificate verification
methods implemented in libcurl-gnutls, a solid, usable, and portable
multi-protocol file transfer library, did not check for expired or
invalid dates."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2007/dsa-1333"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the libcurl3-gnutls package.

For the stable distribution (etch), this problem has been fixed in
version 7.15.5-1etch1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcurl3-gnutls");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"curl", reference:"7.15.5-1etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libcurl3", reference:"7.15.5-1etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libcurl3-dbg", reference:"7.15.5-1etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libcurl3-dev", reference:"7.15.5-1etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libcurl3-gnutls", reference:"7.15.5-1etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libcurl3-gnutls-dev", reference:"7.15.5-1etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libcurl3-openssl-dev", reference:"7.15.5-1etch1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-484-1.NASL
    descriptionIt was discovered that the GnuTLS certificate verification methods implemented in Curl did not check for expiration and activation dates. When performing validations, tools using libcurl3-gnutls would incorrectly allow connections to sites using expired certificates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28085
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28085
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : curl vulnerability (USN-484-1)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-484-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(28085);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:33:01");

  script_cve_id("CVE-2007-3564");
  script_xref(name:"USN", value:"484-1");

  script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 : curl vulnerability (USN-484-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the GnuTLS certificate verification methods
implemented in Curl did not check for expiration and activation dates.
When performing validations, tools using libcurl3-gnutls would
incorrectly allow connections to sites using expired certificates.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/484-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-openssl-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|6\.10|7\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"curl", pkgver:"7.15.1-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcurl3", pkgver:"7.15.1-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcurl3-dbg", pkgver:"7.15.1-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcurl3-dev", pkgver:"7.15.1-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcurl3-gnutls", pkgver:"7.15.1-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcurl3-gnutls-dev", pkgver:"7.15.1-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcurl3-openssl-dev", pkgver:"7.15.1-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"curl", pkgver:"7.15.4-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcurl3", pkgver:"7.15.4-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcurl3-dbg", pkgver:"7.15.4-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcurl3-dev", pkgver:"7.15.4-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcurl3-gnutls", pkgver:"7.15.4-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcurl3-gnutls-dev", pkgver:"7.15.4-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libcurl3-openssl-dev", pkgver:"7.15.4-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"curl", pkgver:"7.15.5-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcurl3", pkgver:"7.15.5-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcurl3-dbg", pkgver:"7.15.5-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcurl3-dev", pkgver:"7.15.5-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcurl3-gnutls", pkgver:"7.15.5-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcurl3-gnutls-dev", pkgver:"7.15.5-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libcurl3-openssl-dev", pkgver:"7.15.5-1ubuntu2.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / libcurl3 / libcurl3-dbg / libcurl3-dev / libcurl3-gnutls / etc");
}

Statements

contributorMark J Cox
lastmodified2007-07-20
organizationRed Hat
statementNot vulnerable. The curl packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are not linked against the gnutls library.

References