Vulnerabilities > CVE-2015-3148 - Improper Access Control vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE

Summary

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Vulnerable Configurations

Part Description Count
OS
Fedoraproject
2
OS
Canonical
4
OS
Debian
1
OS
Apple
5
OS
Opensuse
2
Application
Haxx
144
Application
Hp
82

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL16707.NASL
    descriptioncURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. (CVE-2015-3148)
    last seen2020-06-01
    modified2020-06-02
    plugin id93135
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93135
    titleF5 Networks BIG-IP : cURL and libcurl vulnerability (K16707)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K16707.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93135);
      script_version("2.5");
      script_cvs_date("Date: 2019/01/04 10:03:40");
    
      script_cve_id("CVE-2015-3148");
      script_bugtraq_id(74301);
    
      script_name(english:"F5 Networks BIG-IP : cURL and libcurl vulnerability (K16707)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use
    authenticated Negotiate connections, which allows remote attackers to
    connect as other users via a request. (CVE-2015-3148)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K16707"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution K16707."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "K16707";
    vmatrix = make_array();
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("12.0.0","11.3.0-11.6.1");
    vmatrix["AFM"]["unaffected"] = make_list("12.1.0","11.6.1HF1","11.5.4HF2");
    
    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("12.0.0","11.4.0-11.6.1");
    vmatrix["AM"]["unaffected"] = make_list("12.1.0","11.6.1HF1","11.5.4HF2");
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1","10.1.0-10.2.4");
    vmatrix["APM"]["unaffected"] = make_list("12.1.0","11.6.1HF1","11.5.4HF2");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1","10.0.0-10.2.4");
    vmatrix["ASM"]["unaffected"] = make_list("12.1.0","11.6.1HF1","11.5.4HF2");
    
    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1");
    vmatrix["AVR"]["unaffected"] = make_list("12.1.0","11.6.1HF1","11.5.4HF2");
    
    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("11.0.0-11.6.1","10.0.0-10.2.4");
    vmatrix["GTM"]["unaffected"] = make_list("11.6.1HF1","11.5.4HF2");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1","10.0.0-10.2.4");
    vmatrix["LC"]["unaffected"] = make_list("12.1.0","11.6.1HF1","11.5.4HF2");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("12.0.0","11.0.0-11.6.1","10.0.0-10.2.4");
    vmatrix["LTM"]["unaffected"] = make_list("12.1.0","11.6.1HF1","11.5.4HF2");
    
    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("12.0.0","11.3.0-11.6.1");
    vmatrix["PEM"]["unaffected"] = make_list("12.1.0","11.6.1HF1","11.5.4HF2");
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0962-1.NASL
    descriptionThe curl tool and libcurl4 library have been updated to fix several security and non-security issues. The following vulnerabilities have been fixed : CVE-2015-3143: Re-using authenticated connection when unauthenticated. (bsc#927556) CVE-2015-3148: Negotiate not treated as connection-oriented. (bsc#927746) CVE-2015-3153: Sensitive HTTP server headers also sent to proxies. (bsc#928533) The following non-security issue has been fixed : git fails to clone from https repository. (bsc#927174) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83903
    published2015-05-29
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83903
    titleSUSE SLED11 / SLES11 Security Update : curl (SUSE-SU-2015:0962-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:0962-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83903);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-3143", "CVE-2015-3148", "CVE-2015-3153");
      script_bugtraq_id(74299, 74301, 74408);
    
      script_name(english:"SUSE SLED11 / SLES11 Security Update : curl (SUSE-SU-2015:0962-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The curl tool and libcurl4 library have been updated to fix several
    security and non-security issues.
    
    The following vulnerabilities have been fixed :
    
    CVE-2015-3143: Re-using authenticated connection when unauthenticated.
    (bsc#927556)
    
    CVE-2015-3148: Negotiate not treated as connection-oriented.
    (bsc#927746)
    
    CVE-2015-3153: Sensitive HTTP server headers also sent to proxies.
    (bsc#928533)
    
    The following non-security issue has been fixed :
    
    git fails to clone from https repository. (bsc#927174)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928533"
      );
      # https://download.suse.com/patch/finder/?keywords=15283cac05d947363283c7ddcb466af0
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?386b8563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3143/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3148/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3153/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20150962-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0afcc3ad"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11 SP3 :
    
    zypper in -t patch sdksp3-curl=10660
    
    SUSE Linux Enterprise Server 11 SP3 for VMware :
    
    zypper in -t patch slessp3-curl=10660
    
    SUSE Linux Enterprise Server 11 SP3 :
    
    zypper in -t patch slessp3-curl=10660
    
    SUSE Linux Enterprise Desktop 11 SP3 :
    
    zypper in -t patch sledsp3-curl=10660
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcurl4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"libcurl4-32bit-7.19.7-1.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"libcurl4-32bit-7.19.7-1.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"curl-7.19.7-1.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"libcurl4-7.19.7-1.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"curl-7.19.7-1.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"libcurl4-7.19.7-1.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"libcurl4-32bit-7.19.7-1.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"curl-7.19.7-1.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"libcurl4-7.19.7-1.42.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2159.NASL
    descriptionUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id86934
    published2015-11-19
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86934
    titleRHEL 7 : curl (RHSA-2015:2159)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:2159. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86934);
      script_version("2.11");
      script_cvs_date("Date: 2019/10/24 15:35:40");
    
      script_cve_id("CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148");
      script_xref(name:"RHSA", value:"2015:2159");
    
      script_name(english:"RHEL 7 : curl (RHSA-2015:2159)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated curl packages that fix multiple security issues, several bugs,
    and add two enhancements are now available for Red Hat Enterprise
    Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The curl packages provide the libcurl library and the curl utility for
    downloading files from servers using various protocols, including
    HTTP, FTP, and LDAP.
    
    It was found that the libcurl library did not correctly handle partial
    literal IP addresses when parsing received HTTP cookies. An attacker
    able to trick a user into connecting to a malicious server could use
    this flaw to set the user's cookie to a crafted domain, making other
    cookie-related issues easier to exploit. (CVE-2014-3613)
    
    A flaw was found in the way the libcurl library performed the
    duplication of connection handles. If an application set the
    CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's
    duplicate could cause the application to crash or disclose a portion
    of its memory. (CVE-2014-3707)
    
    It was discovered that the libcurl library failed to properly handle
    URLs with embedded end-of-line characters. An attacker able to make an
    application using libcurl access a specially crafted URL via an HTTP
    proxy could use this flaw to inject additional headers to the request
    or construct additional requests. (CVE-2014-8150)
    
    It was discovered that libcurl implemented aspects of the NTLM and
    Negotiate authentication incorrectly. If an application uses libcurl
    and the affected mechanisms in a specific way, certain requests to a
    previously NTLM-authenticated server could appears as sent by the
    wrong authenticated user. Additionally, the initial set of credentials
    for HTTP Negotiate-authenticated requests could be reused in
    subsequent requests, although a different set of credentials was
    specified. (CVE-2015-3143, CVE-2015-3148)
    
    Red Hat would like to thank the cURL project for reporting these
    issues.
    
    Bug fixes :
    
    * An out-of-protocol fallback to SSL 3.0 was available with libcurl.
    Attackers could abuse the fallback to force downgrade of the SSL
    version. The fallback has been removed from libcurl. Users requiring
    this functionality can explicitly enable SSL 3.0 through the libcurl
    API. (BZ#1154060)
    
    * TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl.
    You can explicitly disable them through the libcurl API. (BZ#1170339)
    
    * FTP operations such as downloading files took a significantly long
    time to complete. Now, the FTP implementation in libcurl correctly
    sets blocking direction and estimated timeout for connections,
    resulting in faster FTP transfers. (BZ#1218272)
    
    Enhancements :
    
    * With the updated packages, it is possible to explicitly enable or
    disable new Advanced Encryption Standard (AES) cipher suites to be
    used for the TLS protocol. (BZ#1066065)
    
    * The libcurl library did not implement a non-blocking SSL handshake,
    which negatively affected performance of applications based on the
    libcurl multi API. The non-blocking SSL handshake has been implemented
    in libcurl, and the libcurl multi API now immediately returns the
    control back to the application whenever it cannot read or write data
    from or to the underlying network socket. (BZ#1091429)
    
    * The libcurl library used an unnecessarily long blocking delay for
    actions with no active file descriptors, even for short operations.
    Some actions, such as resolving a host name using /etc/hosts, took a
    long time to complete. The blocking code in libcurl has been modified
    so that the initial delay is short and gradually increases until an
    event occurs. (BZ#1130239)
    
    All curl users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues and add these
    enhancements."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:2159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3613"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3707"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3148"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libcurl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:2159";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"curl-7.29.0-25.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"curl-7.29.0-25.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"curl-debuginfo-7.29.0-25.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libcurl-7.29.0-25.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libcurl-devel-7.29.0-25.el7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / libcurl / libcurl-devel");
      }
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0107.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - require credentials to match for NTLM re-use (CVE-2015-3143) - close Negotiate connections when done (CVE-2015-3148) - reject CRLFs in URLs passed to proxy (CVE-2014-8150) - use only full matches for hosts used as IP address in cookies (CVE-2014-3613) - fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707) - fix manpage typos found using aspell (#1011101) - fix comments about loading CA certs with NSS in man pages (#1011083) - fix handling of DNS cache timeout while a transfer is in progress (#835898) - eliminate unnecessary inotify events on upload via file protocol (#883002) - use correct socket type in the examples (#997185) - do not crash if MD5 fingerprint is not provided by libssh2 (#1008178) - fix SIGSEGV of curl --retry when network is down (#1009455) - allow to use TLS 1.1 and TLS 1.2 (#1012136) - docs: update the links to cipher-suites supported by NSS (#1104160) - allow to use ECC ciphers if NSS implements them (#1058767) - make curl --trace-time print correct time (#1120196) - let tool call PR_Cleanup on exit if NSPR is used (#1146528) - ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747) - allow to enable/disable new AES cipher-suites (#1156422) - include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163) - disable libcurl-level downgrade to SSLv3 (#1154059) - do not force connection close after failed HEAD request (#1168137) - fix occasional SIGSEGV during SSL handshake (#1168668) - fix a connection failure when FTPS handle is reused (#1154663) - fix re-use of wrong HTTP NTLM connection (CVE-2014-0015) - fix connection re-use when using different log-in credentials (CVE-2014-0138) - fix authentication failure when server offers multiple auth options (#799557) - refresh expired cookie in test172 from upstream test-suite (#1069271) - fix a memory leak caused by write after close (#1078562) - nss: implement non-blocking SSL handshake (#1083742)
    last seen2020-06-01
    modified2020-06-02
    plugin id85148
    published2015-07-31
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85148
    titleOracleVM 3.3 : curl (OVMSA-2015-0107)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2015-0107.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85148);
      script_version("2.4");
      script_cvs_date("Date: 2019/09/27 13:00:34");
    
      script_cve_id("CVE-2014-0015", "CVE-2014-0138", "CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148");
      script_bugtraq_id(65270, 66457, 69748, 70988, 71964, 74299, 74301);
    
      script_name(english:"OracleVM 3.3 : curl (OVMSA-2015-0107)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - require credentials to match for NTLM re-use
        (CVE-2015-3143)
    
      - close Negotiate connections when done (CVE-2015-3148)
    
      - reject CRLFs in URLs passed to proxy (CVE-2014-8150)
    
      - use only full matches for hosts used as IP address in
        cookies (CVE-2014-3613)
    
      - fix handling of CURLOPT_COPYPOSTFIELDS in
        curl_easy_duphandle (CVE-2014-3707)
    
      - fix manpage typos found using aspell (#1011101)
    
      - fix comments about loading CA certs with NSS in man
        pages (#1011083)
    
      - fix handling of DNS cache timeout while a transfer is in
        progress (#835898)
    
      - eliminate unnecessary inotify events on upload via file
        protocol (#883002)
    
      - use correct socket type in the examples (#997185)
    
      - do not crash if MD5 fingerprint is not provided by
        libssh2 (#1008178)
    
      - fix SIGSEGV of curl --retry when network is down
        (#1009455)
    
      - allow to use TLS 1.1 and TLS 1.2 (#1012136)
    
      - docs: update the links to cipher-suites supported by NSS
        (#1104160)
    
      - allow to use ECC ciphers if NSS implements them
        (#1058767)
    
      - make curl --trace-time print correct time (#1120196)
    
      - let tool call PR_Cleanup on exit if NSPR is used
        (#1146528)
    
      - ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
        (#1154747)
    
      - allow to enable/disable new AES cipher-suites (#1156422)
    
      - include response headers added by proxy in
        CURLINFO_HEADER_SIZE (#1161163)
    
      - disable libcurl-level downgrade to SSLv3 (#1154059)
    
      - do not force connection close after failed HEAD request
        (#1168137)
    
      - fix occasional SIGSEGV during SSL handshake (#1168668)
    
      - fix a connection failure when FTPS handle is reused
        (#1154663)
    
      - fix re-use of wrong HTTP NTLM connection (CVE-2014-0015)
    
      - fix connection re-use when using different log-in
        credentials (CVE-2014-0138)
    
      - fix authentication failure when server offers multiple
        auth options (#799557)
    
      - refresh expired cookie in test172 from upstream
        test-suite (#1069271)
    
      - fix a memory leak caused by write after close (#1078562)
    
      - nss: implement non-blocking SSL handshake (#1083742)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000355.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected curl / libcurl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:libcurl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"curl-7.19.7-46.el6")) flag++;
    if (rpm_check(release:"OVS3.3", reference:"libcurl-7.19.7-46.el6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / libcurl");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-211.NASL
    descriptionSeveral vulnerabilities were discovered in cURL, an URL transfer library : CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to the issue fixed in DSA-2849-1. CVE-2015-3148 When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-04-30
    plugin id83143
    published2015-04-30
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83143
    titleDebian DLA-211-1 : curl security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-211-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83143);
      script_version("2.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2015-3143", "CVE-2015-3148");
      script_bugtraq_id(74299, 74301);
    
      script_name(english:"Debian DLA-211-1 : curl security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in cURL, an URL transfer
    library :
    
    CVE-2015-3143
    
    NTLM-authenticated connections could be wrongly reused for requests
    without any credentials set, leading to HTTP requests being sent over
    the connection authenticated as a different user. This is similar to
    the issue fixed in DSA-2849-1.
    
    CVE-2015-3148
    
    When doing HTTP requests using the Negotiate authentication method
    along with NTLM, the connection used would not be marked as
    authenticated, making it possible to reuse it and send requests for
    one user over the connection authenticated as a different user.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2015/04/msg00024.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze-lts/curl"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcurl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcurl3-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcurl3-gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcurl4-gnutls-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcurl4-openssl-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"curl", reference:"7.21.0-2.1+squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"libcurl3", reference:"7.21.0-2.1+squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"libcurl3-dbg", reference:"7.21.0-2.1+squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"libcurl3-gnutls", reference:"7.21.0-2.1+squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"libcurl4-gnutls-dev", reference:"7.21.0-2.1+squeeze12")) flag++;
    if (deb_check(release:"6.0", prefix:"libcurl4-openssl-dev", reference:"7.21.0-2.1+squeeze12")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3232.NASL
    descriptionSeveral vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to the issue fixed in DSA-2849-1. - CVE-2015-3144 When parsing URLs with a zero-length hostname (such as
    last seen2020-06-01
    modified2020-06-02
    plugin id83003
    published2015-04-23
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83003
    titleDebian DSA-3232-1 : curl - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3232. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83003);
      script_version("1.7");
      script_cvs_date("Date: 2018/11/10 11:49:37");
    
      script_cve_id("CVE-2015-3143", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3148");
      script_xref(name:"DSA", value:"3232");
    
      script_name(english:"Debian DSA-3232-1 : curl - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in cURL, an URL transfer
    library :
    
      - CVE-2015-3143
        NTLM-authenticated connections could be wrongly reused
        for requests without any credentials set, leading to
        HTTP requests being sent over the connection
        authenticated as a different user. This is similar to
        the issue fixed in DSA-2849-1.
    
      - CVE-2015-3144
        When parsing URLs with a zero-length hostname (such as
        'http://:80'), libcurl would try to read from an invalid
        memory address. This could allow remote attackers to
        cause a denial of service (crash). This issue only
        affects the upcoming stable (jessie) and unstable (sid)
        distributions.
    
      - CVE-2015-3145
        When parsing HTTP cookies, if the parsed cookie's 'path'
        element consists of a single double-quote, libcurl would
        try to write to an invalid heap memory address. This
        could allow remote attackers to cause a denial of
        service (crash). This issue only affects the upcoming
        stable (jessie) and unstable (sid) distributions.
    
      - CVE-2015-3148
        When doing HTTP requests using the Negotiate
        authentication method along with NTLM, the connection
        used would not be marked as authenticated, making it
        possible to reuse it and send requests for one user over
        the connection authenticated as a different user."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-3143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-3144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-3145"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-3148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/curl"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2015/dsa-3232"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the curl packages.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 7.26.0-1+wheezy13.
    
    For the upcoming stable distribution (jessie), these problems have
    been fixed in version 7.38.0-4+deb8u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:curl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"curl", reference:"7.26.0-1+wheezy13")) flag++;
    if (deb_check(release:"7.0", prefix:"libcurl3", reference:"7.26.0-1+wheezy13")) flag++;
    if (deb_check(release:"7.0", prefix:"libcurl3-dbg", reference:"7.26.0-1+wheezy13")) flag++;
    if (deb_check(release:"7.0", prefix:"libcurl3-gnutls", reference:"7.26.0-1+wheezy13")) flag++;
    if (deb_check(release:"7.0", prefix:"libcurl3-nss", reference:"7.26.0-1+wheezy13")) flag++;
    if (deb_check(release:"7.0", prefix:"libcurl4-gnutls-dev", reference:"7.26.0-1+wheezy13")) flag++;
    if (deb_check(release:"7.0", prefix:"libcurl4-nss-dev", reference:"7.26.0-1+wheezy13")) flag++;
    if (deb_check(release:"7.0", prefix:"libcurl4-openssl-dev", reference:"7.26.0-1+wheezy13")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-0847.NASL
    descriptionAn update for curl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es) : * It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. (CVE-2017-2628) This issue was discovered by Paulo Andrade (Red Hat).
    last seen2020-06-01
    modified2020-06-02
    plugin id99335
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99335
    titleRHEL 6 : curl (RHSA-2017:0847)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:0847. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99335);
      script_version("3.9");
      script_cvs_date("Date: 2019/10/24 15:35:42");
    
      script_cve_id("CVE-2017-2628");
      script_xref(name:"RHSA", value:"2017:0847");
    
      script_name(english:"RHEL 6 : curl (RHSA-2017:0847)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for curl is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The curl packages provide the libcurl library and the curl utility for
    downloading files from servers using various protocols, including
    HTTP, FTP, and LDAP.
    
    Security Fix(es) :
    
    * It was found that the fix for CVE-2015-3148 in curl was incomplete.
    An application using libcurl with HTTP Negotiate authentication could
    incorrectly re-use credentials for subsequent requests to the same
    server. (CVE-2017-2628)
    
    This issue was discovered by Paulo Andrade (Red Hat)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:0847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-2628"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libcurl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:0847";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"curl-7.19.7-53.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"curl-7.19.7-53.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"curl-7.19.7-53.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", reference:"curl-debuginfo-7.19.7-53.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", reference:"libcurl-7.19.7-53.el6_9")) flag++;
      if (rpm_check(release:"RHEL6", reference:"libcurl-devel-7.19.7-53.el6_9")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / libcurl / libcurl-devel");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-336.NASL
    descriptioncurl was updated to fix four security issues. The following vulnerabilities were fixed : - CVE-2015-3143: curl could re-use NTML authenticateds connections - CVE-2015-3144: curl could access memory out of bounds with zero length host names - CVE-2015-3145: curl cookie parser could access memory out of boundary - CVE-2015-3148: curl could treat Negotiate as not connection-oriented
    last seen2020-06-05
    modified2015-04-30
    plugin id83159
    published2015-04-30
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83159
    titleopenSUSE Security Update : curl (openSUSE-2015-336)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-336.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83159);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-3143", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3148");
    
      script_name(english:"openSUSE Security Update : curl (openSUSE-2015-336)");
      script_summary(english:"Check for the openSUSE-2015-336 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "curl was updated to fix four security issues.
    
    The following vulnerabilities were fixed :
    
      - CVE-2015-3143: curl could re-use NTML authenticateds
        connections
    
      - CVE-2015-3144: curl could access memory out of bounds
        with zero length host names
    
      - CVE-2015-3145: curl cookie parser could access memory
        out of boundary
    
      - CVE-2015-3148: curl could treat Negotiate as not
        connection-oriented"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=927556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=927607"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=927608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=927746"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected curl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"curl-7.42.0-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"curl-debuginfo-7.42.0-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"curl-debugsource-7.42.0-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libcurl-devel-7.42.0-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libcurl4-7.42.0-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libcurl4-debuginfo-7.42.0-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libcurl4-32bit-7.42.0-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libcurl4-debuginfo-32bit-7.42.0-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"curl-7.42.0-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"curl-debuginfo-7.42.0-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"curl-debugsource-7.42.0-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libcurl-devel-7.42.0-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libcurl4-7.42.0-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libcurl4-debuginfo-7.42.0-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libcurl4-32bit-7.42.0-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libcurl4-debuginfo-32bit-7.42.0-7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / curl-debugsource / libcurl-devel / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2591-1.NASL
    descriptionParas Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143) Hanno Bock discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3144) Hanno Bock discovered that curl incorrectly handled cookie path elements. If a user or automated system were tricked into parsing a specially crafted cookie, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3145) Isaac Boukris discovered that when using Negotiate authenticated connections, curl could incorrectly authenticate the entire connection and not just specific HTTP requests. (CVE-2015-3148) Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers both to servers and proxies by default, contrary to expectations. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83182
    published2015-05-01
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83182
    titleUbuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : curl vulnerabilities (USN-2591-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2591-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83182);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/18 12:31:44");
    
      script_cve_id("CVE-2015-3143", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3148", "CVE-2015-3153");
      script_xref(name:"USN", value:"2591-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : curl vulnerabilities (USN-2591-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP
    credentials when subsequently connecting to the same host over HTTP.
    (CVE-2015-3143)
    
    Hanno Bock discovered that curl incorrectly handled zero-length host
    names. If a user or automated system were tricked into using a
    specially crafted host name, an attacker could possibly use this issue
    to cause curl to crash, resulting in a denial of service, or possibly
    execute arbitrary code. This issue only affected Ubuntu 14.10 and
    Ubuntu 15.04. (CVE-2015-3144)
    
    Hanno Bock discovered that curl incorrectly handled cookie path
    elements. If a user or automated system were tricked into parsing a
    specially crafted cookie, an attacker could possibly use this issue to
    cause curl to crash, resulting in a denial of service, or possibly
    execute arbitrary code. This issue only affected Ubuntu 14.04 LTS,
    Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3145)
    
    Isaac Boukris discovered that when using Negotiate authenticated
    connections, curl could incorrectly authenticate the entire connection
    and not just specific HTTP requests. (CVE-2015-3148)
    
    Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP
    headers both to servers and proxies by default, contrary to
    expectations. This issue only affected Ubuntu 14.10 and Ubuntu 15.04.
    (CVE-2015-3153).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2591-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected libcurl3, libcurl3-gnutls and / or libcurl3-nss
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|14\.10|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10 / 15.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libcurl3", pkgver:"7.22.0-3ubuntu4.14")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libcurl3-gnutls", pkgver:"7.22.0-3ubuntu4.14")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libcurl3-nss", pkgver:"7.22.0-3ubuntu4.14")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libcurl3", pkgver:"7.35.0-1ubuntu2.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libcurl3-gnutls", pkgver:"7.35.0-1ubuntu2.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libcurl3-nss", pkgver:"7.35.0-1ubuntu2.5")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"libcurl3", pkgver:"7.37.1-1ubuntu3.4")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"libcurl3-gnutls", pkgver:"7.37.1-1ubuntu3.4")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"libcurl3-nss", pkgver:"7.37.1-1ubuntu3.4")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libcurl3", pkgver:"7.38.0-3ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libcurl3-gnutls", pkgver:"7.38.0-3ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libcurl3-nss", pkgver:"7.38.0-3ubuntu2.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcurl3 / libcurl3-gnutls / libcurl3-nss");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1254.NASL
    descriptionUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id84912
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84912
    titleRHEL 6 : curl (RHSA-2015:1254)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:1254. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84912);
      script_version("2.11");
      script_cvs_date("Date: 2019/10/24 15:35:40");
    
      script_cve_id("CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148");
      script_bugtraq_id(69748, 70988, 71964, 74299, 74301);
      script_xref(name:"RHSA", value:"2015:1254");
    
      script_name(english:"RHEL 6 : curl (RHSA-2015:1254)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated curl packages that fix multiple security issues, several bugs,
    and add two enhancements are now available for Red Hat Enterprise
    Linux 6.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The curl packages provide the libcurl library and the curl utility for
    downloading files from servers using various protocols, including
    HTTP, FTP, and LDAP.
    
    It was found that the libcurl library did not correctly handle partial
    literal IP addresses when parsing received HTTP cookies. An attacker
    able to trick a user into connecting to a malicious server could use
    this flaw to set the user's cookie to a crafted domain, making other
    cookie-related issues easier to exploit. (CVE-2014-3613)
    
    A flaw was found in the way the libcurl library performed the
    duplication of connection handles. If an application set the
    CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's
    duplicate could cause the application to crash or disclose a portion
    of its memory. (CVE-2014-3707)
    
    It was discovered that the libcurl library failed to properly handle
    URLs with embedded end-of-line characters. An attacker able to make an
    application using libcurl to access a specially crafted URL via an
    HTTP proxy could use this flaw to inject additional headers to the
    request or construct additional requests. (CVE-2014-8150)
    
    It was discovered that libcurl implemented aspects of the NTLM and
    Negotiate authentication incorrectly. If an application uses libcurl
    and the affected mechanisms in a specific way, certain requests to a
    previously NTLM-authenticated server could appears as sent by the
    wrong authenticated user. Additionally, the initial set of credentials
    for HTTP Negotiate-authenticated requests could be reused in
    subsequent requests, although a different set of credentials was
    specified. (CVE-2015-3143, CVE-2015-3148)
    
    Red Hat would like to thank the cURL project for reporting these
    issues.
    
    Bug fixes :
    
    * An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was
    available with libcurl. Attackers could abuse the fallback to force
    downgrade of the SSL version. The fallback has been removed from
    libcurl. Users requiring this functionality can explicitly enable
    SSLv3.0 through the libcurl API. (BZ#1154059)
    
    * A single upload transfer through the FILE protocol opened the
    destination file twice. If the inotify kernel subsystem monitored the
    file, two events were produced unnecessarily. The file is now opened
    only once per upload. (BZ#883002)
    
    * Utilities using libcurl for SCP/SFTP transfers could terminate
    unexpectedly when the system was running in FIPS mode. (BZ#1008178)
    
    * Using the '--retry' option with the curl utility could cause curl to
    terminate unexpectedly with a segmentation fault. Now, adding
    '--retry' no longer causes curl to crash. (BZ#1009455)
    
    * The 'curl --trace-time' command did not use the correct local time
    when printing timestamps. Now, 'curl --trace-time' works as expected.
    (BZ#1120196)
    
    * The valgrind utility could report dynamically allocated memory leaks
    on curl exit. Now, curl performs a global shutdown of the NetScape
    Portable Runtime (NSPR) library on exit, and valgrind no longer
    reports the memory leaks. (BZ#1146528)
    
    * Previously, libcurl returned an incorrect value of the
    CURLINFO_HEADER_SIZE field when a proxy server appended its own
    headers to the HTTP response. Now, the returned value is valid.
    (BZ#1161163)
    
    Enhancements :
    
    * The '--tlsv1.0', '--tlsv1.1', and '--tlsv1.2' options are available
    for specifying the minor version of the TLS protocol to be negotiated
    by NSS. The '--tlsv1' option now negotiates the highest version of the
    TLS protocol supported by both the client and the server. (BZ#1012136)
    
    * It is now possible to explicitly enable or disable the ECC and the
    new AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)
    
    All curl users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues and add these
    enhancements."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:1254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3707"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3613"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3148"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libcurl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:1254";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"curl-7.19.7-46.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"curl-7.19.7-46.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"curl-7.19.7-46.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"curl-debuginfo-7.19.7-46.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"libcurl-7.19.7-46.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"libcurl-devel-7.19.7-46.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / libcurl / libcurl-devel");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170329_CURL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. (CVE-2017-2628)
    last seen2020-03-18
    modified2017-04-06
    plugin id99229
    published2017-04-06
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99229
    titleScientific Linux Security Update : curl on SL6.x i386/x86_64 (20170329)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99229);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2015-3148", "CVE-2017-2628");
    
      script_name(english:"Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20170329)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - It was found that the fix for CVE-2015-3148 in curl was
        incomplete. An application using libcurl with HTTP
        Negotiate authentication could incorrectly re-use
        credentials for subsequent requests to the same server.
        (CVE-2017-2628)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1704&L=scientific-linux-errata&F=&S=&P=76
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8f980eeb"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libcurl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"curl-7.19.7-53.el6_9")) flag++;
    if (rpm_check(release:"SL6", reference:"curl-debuginfo-7.19.7-53.el6_9")) flag++;
    if (rpm_check(release:"SL6", reference:"libcurl-7.19.7-53.el6_9")) flag++;
    if (rpm_check(release:"SL6", reference:"libcurl-devel-7.19.7-53.el6_9")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / libcurl / libcurl-devel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-6695.NASL
    description - require credentials to match for NTLM re-use (CVE-2015-3143) - fix invalid write with a zero-length host name in URL (CVE-2015-3144) - fix invalid write in cookie path sanitization code (CVE-2015-3145) - close Negotiate connections when done (CVE-2015-3148) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-04-27
    plugin id83078
    published2015-04-27
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83078
    titleFedora 22 : curl-7.40.0-3.fc22 (2015-6695)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1254.NASL
    descriptionFrom Red Hat Security Advisory 2015:1254 : Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id85096
    published2015-07-30
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85096
    titleOracle Linux 6 : curl (ELSA-2015-1254)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-6853.NASL
    descriptionUpdate to 7.42.0 which fixes various CVE
    last seen2020-06-05
    modified2015-05-05
    plugin id83237
    published2015-05-05
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83237
    titleFedora 21 : mingw-curl-7.42.0-1.fc21 (2015-6853)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6294F75F03F211E5AAB1D050996490D0.NASL
    descriptioncURL reports : libcurl keeps a pool of its last few connections around after use to facilitate easy, convenient, and completely transparent connection re-use for applications. When doing HTTP requests NTLM authenticated, the entire connection becomes authenticated and not just the specific HTTP request which is otherwise how HTTP works. This makes NTLM special and a subject for special treatment in the code. With NTLM, once the connection is authenticated, no further authentication is necessary until the connection gets closed. When doing HTTP requests Negotiate authenticated, the entire connection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. libcurl supports HTTP
    last seen2020-06-01
    modified2020-06-02
    plugin id83842
    published2015-05-27
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83842
    titleFreeBSD : cURL -- multiple vulnerabilities (6294f75f-03f2-11e5-aab1-d050996490d0)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2015-302-01.NASL
    descriptionNew curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86662
    published2015-10-30
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86662
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2015-302-01)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id85408
    published2015-08-17
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85408
    titleMac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-219.NASL
    descriptionUpdated curl packages fix security vulnerabilities : NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user (CVE-2015-3143). When parsing HTTP cookies, if the parsed cookie
    last seen2020-06-01
    modified2020-06-02
    plugin id83243
    published2015-05-05
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83243
    titleMandriva Linux Security Advisory : curl (MDVSA-2015:219)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1254.NASL
    descriptionUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id85009
    published2015-07-28
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85009
    titleCentOS 6 : curl (CESA-2015:1254)
  • NASL familyWeb Servers
    NASL idHPSMH_7_2_6.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id90251
    published2016-03-29
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90251
    titleHP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0104_CURL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has curl packages installed that are affected by a vulnerability: - It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. (CVE-2017-2628) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127334
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127334
    titleNewStart CGSL MAIN 4.05 : curl Vulnerability (NS-SA-2019-0104)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0990-1.NASL
    descriptioncurl was updated to fix five security issues. The following vulnerabilities were fixed : - CVE-2015-3143: curl could re-use NTML authenticateds connections - CVE-2015-3144: curl could access memory out of bounds with zero length host names - CVE-2015-3145: curl cookie parser could access memory out of boundary - CVE-2015-3148: curl could treat Negotiate as not connection-oriented - CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83988
    published2015-06-04
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83988
    titleSUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0990-1)
  • NASL familyWeb Servers
    NASL idHPSMH_7_5_4.NASL
    descriptionAccording to the web server
    last seen2020-06-01
    modified2020-06-02
    plugin id90150
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90150
    titleHP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150722_CURL_ON_SL6_X.NASL
    descriptionIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-03-18
    modified2015-08-04
    plugin id85191
    published2015-08-04
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85191
    titleScientific Linux Security Update : curl on SL6.x i386/x86_64 (20150722)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-6864.NASL
    descriptionUpdate to 7.42.0 which fixes various CVE
    last seen2020-06-05
    modified2015-05-04
    plugin id83212
    published2015-05-04
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83212
    titleFedora 22 : mingw-curl-7.42.0-1.fc22 (2015-6864)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201509-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201509-02 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly obtain sensitive information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id86133
    published2015-09-25
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86133
    titleGLSA-201509-02 : cURL: Multiple vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20151119_CURL_ON_SL7_X.NASL
    descriptionIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-03-18
    modified2015-12-22
    plugin id87554
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87554
    titleScientific Linux Security Update : curl on SL7.x x86_64 (20151119)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-6728.NASL
    description - require credentials to match for NTLM re-use (CVE-2015-3143) - fix invalid write with a zero-length host name in URL (CVE-2015-3144) - fix invalid write in cookie path sanitization code (CVE-2015-3145) - close Negotiate connections when done (CVE-2015-3148) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-04
    plugin id83208
    published2015-05-04
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83208
    titleFedora 21 : curl-7.37.0-14.fc21 (2015-6728)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-2159.NASL
    descriptionUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id87138
    published2015-12-02
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87138
    titleCentOS 7 : curl (CESA-2015:2159)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-6712.NASL
    description - require credentials to match for NTLM re-use (CVE-2015-3143) - fix invalid write in cookie path sanitization code (CVE-2015-3145) - close Negotiate connections when done (CVE-2015-3148) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-04-29
    plugin id83128
    published2015-04-29
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83128
    titleFedora 20 : curl-7.32.0-20.fc20 (2015-6712)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-220.NASL
    descriptionUpdated curl packages fix security vulnerabilities : NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user (CVE-2015-3143). When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user (CVE-2015-3148).
    last seen2020-06-01
    modified2020-06-02
    plugin id83244
    published2015-05-05
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83244
    titleMandriva Linux Security Advisory : curl (MDVSA-2015:220)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-514.NASL
    descriptionIt was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticed requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user. (CVE-2015-3143) It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones. (CVE-2015-3148) It was discovered that libcurl did not properly process cookies with a specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id83057
    published2015-04-27
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83057
    titleAmazon Linux AMI : curl (ALAS-2015-514)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1550.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content..(CVE-2018-1000301) - It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-5420) - It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user.(CVE-2015-3143) - libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit 415d2e7cb7(https://github.com/curl/curl/commit/415d2e7c b7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.(CVE-2017-1000254) - It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones.(CVE-2015-3148) - Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a
    last seen2020-06-01
    modified2020-06-02
    plugin id125003
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125003
    titleEulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1550)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-2159.NASL
    descriptionFrom Red Hat Security Advisory 2015:2159 : Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id87028
    published2015-11-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87028
    titleOracle Linux 7 : curl (ELSA-2015-2159)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-0847.NASL
    descriptionFrom Red Hat Security Advisory 2017:0847 : An update for curl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es) : * It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. (CVE-2017-2628) This issue was discovered by Paulo Andrade (Red Hat).
    last seen2020-06-01
    modified2020-06-02
    plugin id99075
    published2017-03-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99075
    titleOracle Linux 6 : curl (ELSA-2017-0847)

Redhat

advisories
  • bugzilla
    id1213351
    titleCVE-2015-3148 curl: Negotiate not treated as connection-oriented
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentlibcurl-devel is earlier than 0:7.19.7-46.el6
            ovaloval:com.redhat.rhsa:tst:20151254001
          • commentlibcurl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110918012
        • AND
          • commentlibcurl is earlier than 0:7.19.7-46.el6
            ovaloval:com.redhat.rhsa:tst:20151254003
          • commentlibcurl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110918014
        • AND
          • commentcurl is earlier than 0:7.19.7-46.el6
            ovaloval:com.redhat.rhsa:tst:20151254005
          • commentcurl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110918016
    rhsa
    idRHSA-2015:1254
    released2015-07-20
    severityModerate
    titleRHSA-2015:1254: curl security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id1218272
    titlePerformance problem with libcurl and FTP on RHEL7.X
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentlibcurl is earlier than 0:7.29.0-25.el7
            ovaloval:com.redhat.rhsa:tst:20152159001
          • commentlibcurl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110918014
        • AND
          • commentcurl is earlier than 0:7.29.0-25.el7
            ovaloval:com.redhat.rhsa:tst:20152159003
          • commentcurl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110918016
        • AND
          • commentlibcurl-devel is earlier than 0:7.29.0-25.el7
            ovaloval:com.redhat.rhsa:tst:20152159005
          • commentlibcurl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110918012
    rhsa
    idRHSA-2015:2159
    released2015-11-19
    severityModerate
    titleRHSA-2015:2159: curl security, bug fix, and enhancement update (Moderate)
rpms
  • curl-0:7.19.7-46.el6
  • curl-debuginfo-0:7.19.7-46.el6
  • libcurl-0:7.19.7-46.el6
  • libcurl-devel-0:7.19.7-46.el6
  • curl-0:7.29.0-25.el7
  • curl-debuginfo-0:7.29.0-25.el7
  • libcurl-0:7.29.0-25.el7
  • libcurl-devel-0:7.29.0-25.el7