Vulnerabilities > CVE-2017-1000101 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2174-1.NASL description This update for curl fixes the following issues : - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102540 published 2017-08-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102540 title SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2174-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:2174-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(102540); script_version("3.7"); script_cvs_date("Date: 2019/09/11 11:22:16"); script_cve_id("CVE-2017-1000100", "CVE-2017-1000101"); script_name(english:"SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2017:2174-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for curl fixes the following issues : - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1051643" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1051644" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-1000100/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-1000101/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20172174-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5129d1e6" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1335=1 SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1335=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1335=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1335=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1335=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1335=1 SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1335=1 SUSE Container as a Service Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2017-1335=1 OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1335=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:curl-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcurl4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcurl4-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/05"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2/3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", reference:"curl-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"curl-debuginfo-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"curl-debugsource-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libcurl4-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libcurl4-debuginfo-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libcurl4-32bit-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libcurl4-debuginfo-32bit-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"curl-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"curl-debuginfo-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"curl-debugsource-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libcurl4-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libcurl4-debuginfo-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libcurl4-32bit-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libcurl4-debuginfo-32bit-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"curl-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"curl-debuginfo-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"curl-debugsource-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libcurl4-32bit-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libcurl4-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libcurl4-debuginfo-32bit-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libcurl4-debuginfo-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"curl-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"curl-debuginfo-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"curl-debugsource-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libcurl4-32bit-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libcurl4-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libcurl4-debuginfo-32bit-7.37.0-37.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libcurl4-debuginfo-7.37.0-37.3.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-889.NASL description FILE buffer read out of bounds (CVE-2017-1000099) TFTP sends more than buffer size (CVE-2017-1000100) URL globbing out of bounds read (CVE-2017-1000101) last seen 2020-06-01 modified 2020-06-02 plugin id 102877 published 2017-09-01 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102877 title Amazon Linux AMI : curl (ALAS-2017-889) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2017-889. # include("compat.inc"); if (description) { script_id(102877); script_version("3.4"); script_cvs_date("Date: 2018/04/18 15:09:36"); script_cve_id("CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101"); script_xref(name:"ALAS", value:"2017-889"); script_name(english:"Amazon Linux AMI : curl (ALAS-2017-889)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "FILE buffer read out of bounds (CVE-2017-1000099) TFTP sends more than buffer size (CVE-2017-1000100) URL globbing out of bounds read (CVE-2017-1000101)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-889.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update curl' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libcurl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libcurl-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"curl-7.51.0-9.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"curl-debuginfo-7.51.0-9.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libcurl-7.51.0-9.75.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libcurl-devel-7.51.0-9.75.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / libcurl / libcurl-devel"); }NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2017-004.NASL description The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - ImageIO - Kernel - libarchive - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - Sandbox - StreamingZip - tcpdump - Wi-Fi last seen 2020-06-01 modified 2020-06-02 plugin id 104379 published 2017-11-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104379 title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(104379); script_version("1.10"); script_cvs_date("Date: 2019/06/19 15:17:43"); script_cve_id( "CVE-2016-0736", "CVE-2016-2161", "CVE-2016-4736", "CVE-2016-5387", "CVE-2016-8740", "CVE-2016-8743", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-10140", "CVE-2017-11103", "CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725", "CVE-2017-13782", "CVE-2017-13799", "CVE-2017-13801", "CVE-2017-13804", "CVE-2017-13807", "CVE-2017-13808", "CVE-2017-13809", "CVE-2017-13810", "CVE-2017-13811", "CVE-2017-13812", "CVE-2017-13813", "CVE-2017-13814", "CVE-2017-13815", "CVE-2017-13817", "CVE-2017-13818", "CVE-2017-13819", "CVE-2017-13820", "CVE-2017-13821", "CVE-2017-13822", "CVE-2017-13823", "CVE-2017-13824", "CVE-2017-13825", "CVE-2017-13828", "CVE-2017-13829", "CVE-2017-13830", "CVE-2017-13831", "CVE-2017-13833", "CVE-2017-13834", "CVE-2017-13836", "CVE-2017-13838", "CVE-2017-13840", "CVE-2017-13841", "CVE-2017-13842", "CVE-2017-13843", "CVE-2017-13846", "CVE-2017-13906", "CVE-2017-13908", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-5130", "CVE-2017-5969", "CVE-2017-7132", "CVE-2017-7150", "CVE-2017-7170", "CVE-2017-7376", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9049", "CVE-2017-9050", "CVE-2017-9788", "CVE-2017-9789" ); script_bugtraq_id( 100249, 100286, 100913, 100914, 101177, 101274, 101482, 102100, 91816, 93055, 94650, 95076, 95077, 95078, 96188, 98568, 98601, 98877, 99132, 99134, 99135, 99137, 99170, 99551, 99568, 99569, 99938, 99939, 99940, 99941 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-10-31-2"); script_xref(name:"IAVA", value:"2017-A-0310"); script_name(english:"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)"); script_summary(english:"Checks for the presence of Security Update 2017-004."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a macOS or Mac OS X security update that fixes multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - ImageIO - Kernel - libarchive - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - Sandbox - StreamingZip - tcpdump - Wi-Fi"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT208221"); # https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3881783e"); script_set_attribute(attribute:"solution", value: "Install Security Update 2017-004 or later for 10.11.x or Security Update 2017-001 or later for 10.12.x."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7376"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/18"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Compare 2 patch numbers to determine if patch requirements are satisfied. # Return true if this patch or a later patch is applied # Return false otherwise function check_patch(year, number) { local_var p_split = split(patch, sep:"-"); local_var p_year = int( p_split[0]); local_var p_num = int( p_split[1]); if (year > p_year) return TRUE; else if (year < p_year) return FALSE; else if (number >= p_num) return TRUE; else return FALSE; } get_kb_item_or_exit("Host/local_checks_enabled"); os = get_kb_item_or_exit("Host/MacOSX/Version"); if (!preg(pattern:"Mac OS X 10\.(11\.6|12\.6)([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.11.6 or Mac OS X 10.12.6"); if ("10.11.6" >< os) patch = "2017-004"; else patch = "2017-001"; packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1); sec_boms_report = pgrep( pattern:"^com\.apple\.pkg\.update\.(security\.|os\.SecUpd).*bom$", string:packages ); sec_boms = split(sec_boms_report, sep:'\n'); foreach package (sec_boms) { # Grab patch year and number match = pregmatch(pattern:"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]", string:package); if (empty_or_null(match[1]) || empty_or_null(match[2])) continue; patch_found = check_patch(year:int(match[1]), number:int(match[2])); if (patch_found) exit(0, "The host has Security Update " + patch + " or later installed and is therefore not affected."); } report = '\n Missing security update : ' + patch; report += '\n Installed security BOMs : '; if (sec_boms_report) report += str_replace(find:'\n', replace:'\n ', string:sec_boms_report); else report += 'n/a'; report += '\n'; security_report_v4(port:0, severity:SECURITY_HOLE, extra:report, xss:TRUE);NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0045_CURL.NASL description An update of the curl package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121761 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121761 title Photon OS 2.0: Curl PHSA-2017-0045 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2017-0045. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121761); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id( "CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254" ); script_name(english:"Photon OS 2.0: Curl PHSA-2017-0045"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the curl package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-2.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15041"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/17"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:curl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-debuginfo-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-debuginfo-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-debuginfo-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-debuginfo-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-devel-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-devel-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-devel-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-devel-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-libs-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-libs-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-libs-7.54.1-3.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"curl-libs-7.54.1-3.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-951.NASL description This update for curl fixes the following issues : - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-08-18 plugin id 102566 published 2017-08-18 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102566 title openSUSE Security Update : curl (openSUSE-2017-951) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-951. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(102566); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-1000100", "CVE-2017-1000101"); script_name(english:"openSUSE Security Update : curl (openSUSE-2017-951)"); script_summary(english:"Check for the openSUSE-2017-951 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for curl fixes the following issues : - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643) This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051643" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051644" ); script_set_attribute(attribute:"solution", value:"Update the affected curl packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"curl-7.37.0-16.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"curl-debuginfo-7.37.0-16.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"curl-debugsource-7.37.0-16.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libcurl-devel-7.37.0-16.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libcurl4-7.37.0-16.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libcurl4-debuginfo-7.37.0-16.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libcurl-devel-32bit-7.37.0-16.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libcurl4-32bit-7.37.0-16.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libcurl4-debuginfo-32bit-7.37.0-16.6.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"curl-7.37.0-20.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"curl-debuginfo-7.37.0-20.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"curl-debugsource-7.37.0-20.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libcurl-devel-7.37.0-20.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libcurl4-7.37.0-20.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libcurl4-debuginfo-7.37.0-20.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libcurl-devel-32bit-7.37.0-20.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libcurl4-32bit-7.37.0-20.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libcurl4-debuginfo-32bit-7.37.0-20.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / curl-debugsource / libcurl-devel-32bit / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2017-F2DF9D7772.NASL description Security fixes for CVE-2017-1000100 and CVE-2017-1000101 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-08-14 plugin id 102463 published 2017-08-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102463 title Fedora 25 : curl (2017-f2df9d7772) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-f2df9d7772. # include("compat.inc"); if (description) { script_id(102463); script_version("3.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101"); script_xref(name:"FEDORA", value:"2017-f2df9d7772"); script_name(english:"Fedora 25 : curl (2017-f2df9d7772)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fixes for CVE-2017-1000100 and CVE-2017-1000101 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f2df9d7772" ); script_set_attribute(attribute:"solution", value:"Update the affected curl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:curl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/05"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC25", reference:"curl-7.51.0-9.fc25")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_69CFA3867CD011E7867FB499BAEBFEAF.NASL description The cURL project reports : - FILE buffer read out of bounds - TFTP sends more than buffer size - URL globbing out of bounds read last seen 2020-06-01 modified 2020-06-02 plugin id 102330 published 2017-08-10 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102330 title FreeBSD : cURL -- multiple vulnerabilities (69cfa386-7cd0-11e7-867f-b499baebfeaf) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201709-14.NASL description The remote host is affected by the vulnerability described in GLSA-201709-14 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could cause a Denial of Service condition, obtain sensitive information, or bypass intended restrictions for TLS sessions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 103282 published 2017-09-18 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103282 title GLSA-201709-14 : cURL: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2017-F1FFD18079.NASL description Security fixes for CVE-2017-1000100 and CVE-2017-1000101 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-08-14 plugin id 102462 published 2017-08-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102462 title Fedora 26 : curl (2017-f1ffd18079) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3441-1.NASL description Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9586) Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100) Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical range globbing. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000101) Max Dymond discovered that curl incorrectly handled FTP PWD responses. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service. (CVE-2017-1000254) Brian Carpenter discovered that curl incorrectly handled the --write-out command line option. A local attacker could possibly use this issue to obtain sensitive memory contents. (CVE-2017-7407). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103773 published 2017-10-11 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103773 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : curl vulnerabilities (USN-3441-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0045.NASL description An update of [go,curl,libtiff,systemd,bash] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111894 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111894 title Photon OS 2.0: Bash / Curl / Go / Libtiff / Systemd PHSA-2017-0045 (deprecated) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3992.NASL description Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-1000100 Even Rouault reported that cURL does not properly handle long file names when doing an TFTP upload. A malicious HTTP(S) server can take advantage of this flaw by redirecting a client using the cURL library to a crafted TFTP URL and trick it to send private memory contents to a remote server over UDP. - CVE-2017-1000101 Brian Carpenter and Yongji Ouyang reported that cURL contains a flaw in the globbing function that parses the numerical range, leading to an out-of-bounds read when parsing a specially crafted URL. - CVE-2017-1000254 Max Dymond reported that cURL contains an out-of-bounds read flaw in the FTP PWD response parser. A malicious server can take advantage of this flaw to effectively prevent a client using the cURL library to work with it, causing a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 103715 published 2017-10-09 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103715 title Debian DSA-3992-1 : curl - security update NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-221-01.NASL description New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102365 published 2017-08-11 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102365 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-221-01) NASL family MacOS X Local Security Checks NASL id MACOS_10_13_1.NASL description The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. It is, therefore, affected by multiple vulnerabilities in the following components : - APFS - curl - Dictionary Widget - Kernel - StreamingZip - tcpdump - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 104378 published 2017-11-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104378 title macOS 10.13.x < 10.13.1 Multiple Vulnerabilities
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://www.debian.org/security/2017/dsa-3992
- http://www.debian.org/security/2017/dsa-3992
- http://www.securityfocus.com/bid/100249
- http://www.securityfocus.com/bid/100249
- http://www.securitytracker.com/id/1039117
- http://www.securitytracker.com/id/1039117
- https://access.redhat.com/errata/RHSA-2018:3558
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_20170809A.html
- https://curl.haxx.se/docs/adv_20170809A.html
- https://security.gentoo.org/glsa/201709-14
- https://security.gentoo.org/glsa/201709-14
- https://support.apple.com/HT208221
- https://support.apple.com/HT208221