Vulnerabilities > CVE-2018-1000300 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
CWE-787
nessus

Summary

curl versions 7.54.1 up to and including 7.59.0 contain a CWE-122: Heap-based Buffer Overflow vulnerability (impact: denial of service and more) in which curl may overflow a heap-based memory buffer when closing down an FTP connection with very long server command replies. This vulnerability appears to have been fixed in curl >= 7.60.0; versions before 7.54.1 are not affected.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-9DC7338487.NASL
    description - fix FTP shutdown response buffer overflow (CVE-2018-1000300) - fix RTSP bad headers buffer over-read (CVE-2018-1000301) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-05-24
    plugin id110061
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110061
    titleFedora 27 : curl (2018-9dc7338487)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory FEDORA-2018-9dc7338487.
    #
    # Local (credentialed) check: compares the installed curl RPM on a
    # Fedora 27 host against the fixed NVR published in the advisory.
    # The fixed NVR (7.55.1-11.fc27) lies inside the upstream affected range
    # for CVE-2018-1000300 (7.54.1 through 7.59.0), i.e. the fix is a distro
    # backport; matching on the bare upstream version would misjudge this host.
    #

    include("compat.inc");

    if (description)
    {
      script_id(110061);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2018-1000300", "CVE-2018-1000301");
      script_xref(name:"FEDORA", value:"2018-9dc7338487");

      script_name(english:"Fedora 27 : curl (2018-9dc7338487)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "  - fix FTP shutdown response buffer overflow
        (CVE-2018-1000300)
    
      - fix RTSP bad headers buffer over-read (CVE-2018-1000301)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues.");
      script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dc7338487");
      script_set_attribute(attribute:"solution", value:"Update the affected curl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:curl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    # Every audit() call terminates the script, so the gates below read as a
    # straight sequence of preconditions.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # OS gate: the release string must name Fedora, and specifically Fedora 27.
    host_release = get_kb_item("Host/RedHat/release");
    if (isnull(host_release) || "Fedora" >!< host_release) audit(AUDIT_OS_NOT, "Fedora");
    ver_match = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:host_release);
    if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    fedora_ver = ver_match[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:fedora_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + fedora_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Only x86 hosts are covered; any other architecture is reported as not implemented.
    host_arch = get_kb_item("Host/cpu");
    if (isnull(host_arch)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< host_arch && host_arch !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", host_arch);

    # Fixed NVR from the advisory; rpm_check() compares the installed package against it.
    vuln_count = 0;
    if (rpm_check(release:"FC27", reference:"curl-7.55.1-11.fc27")) vuln_count++;

    if (!vuln_count)
    {
      # Nothing flagged: distinguish "checked and current" from "not installed".
      checked = pkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl");
    }

    security_report_v4(port:0, severity:SECURITY_HOLE, extra:rpm_report_get());
    exit(0);
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0068.NASL
    descriptionAn update of 'curl' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111954
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111954
    titlePhoton OS 2.0: Curl PHSA-2018-2.0-0068 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #

    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-2.0-0068. The text
    # itself is copyright (C) VMware, Inc.
    #
    # Deprecated plugin: the unconditional exit() after the description block
    # stops execution before any package check runs, so this plugin never
    # produces a finding. The original checks are kept below for reference.

    include("compat.inc");

    if (description)
    {
      script_id(111954);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:51");

      script_cve_id("CVE-2018-1000300", "CVE-2018-1000301");

      script_name(english:"Photon OS 2.0: Curl PHSA-2018-2.0-0068 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");

      script_set_attribute(attribute:"synopsis", value:"This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:"An update of 'curl' packages of Photon OS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-2-68
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eca41ecc");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000300");

      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:curl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");

      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

      exit(0);
    }

    exit(0, "This plugin has been deprecated.");

    # ---- Unreachable from here on: retained pre-deprecation logic. ----

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # OS gate: must be a VMware Photon host, and specifically release 2.0.
    host_release = get_kb_item("Host/PhotonOS/release");
    if (isnull(host_release) || host_release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (host_release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");

    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Only x86 hosts are covered.
    host_arch = get_kb_item("Host/cpu");
    if (isnull(host_arch)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< host_arch && host_arch !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", host_arch);

    # Fixed package NVRs from the advisory, checked in advisory order.
    vuln_count = 0;
    if (rpm_check(release:"PhotonOS-2.0", reference:"curl-7.59.0-2.ph2")) vuln_count++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"curl-debuginfo-7.59.0-2.ph2")) vuln_count++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"curl-devel-7.59.0-2.ph2")) vuln_count++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"curl-libs-7.59.0-2.ph2")) vuln_count++;

    if (!vuln_count)
    {
      # Nothing flagged: distinguish "checked and current" from "not installed".
      checked = pkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl");
    }

    security_report_v4(port:0, severity:SECURITY_HOLE, extra:rpm_report_get());
    exit(0);
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1029.NASL
    descriptionCurl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.(CVE-2018-1000300) Curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.(CVE-2018-1000301)
    last seen2020-06-01
    modified2020-06-02
    plugin id110446
    published2018-06-12
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110446
    titleAmazon Linux 2 : curl (ALAS-2018-1029)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2018-1029.
    #
    # Local (credentialed) check: compares the installed curl/libcurl RPMs on
    # an Amazon Linux 2 x86_64 host with the fixed builds from the advisory.
    # The fixed build (7.55.1-12.amzn2.0.1) carries a backported patch: its
    # upstream version sits inside the affected range 7.54.1-7.59.0, so an
    # upstream-version comparison is not a substitute for this NVR check.
    #

    include("compat.inc");

    if (description)
    {
      script_id(110446);
      script_version("1.3");
      script_cvs_date("Date: 2018/08/31 12:25:00");

      script_cve_id("CVE-2018-1000300", "CVE-2018-1000301");
      script_xref(name:"ALAS", value:"2018-1029");

      script_name(english:"Amazon Linux 2 : curl (ALAS-2018-1029)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(attribute:"synopsis", value:"The remote Amazon Linux 2 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "Curl version curl 7.54.1 to and including curl 7.59.0 contains a
    CWE-122: Heap-based Buffer Overflow vulnerability in denial of service
    and more that can result in curl might overflow a heap based memory
    buffer when closing down an FTP connection with very long server
    command replies.(CVE-2018-1000300)
    
    Curl version curl 7.20.0 to and including curl 7.59.0 contains a
    CWE-126: Buffer Over-read vulnerability in denial of service that can
    result in curl can be tricked into reading data beyond the end of a
    heap based buffer used to store downloaded RTSP
    content.(CVE-2018-1000301)");
      script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1029.html");
      script_set_attribute(attribute:"solution", value:"Run 'yum update curl' to update your system.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libcurl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");

      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/12");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # OS gate: the release key starts with "AL" followed by "2" (Amazon Linux 2)
    # or "A" (the older Amazon Linux AMI, reported as such in the audit message).
    host_release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(host_release) || !strlen(host_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    ver_match = pregmatch(pattern: "^AL(A|\d)", string:host_release);
    if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    al_ver = ver_match[1];
    if (al_ver != "2")
    {
      seen = al_ver;
      if (seen == 'A') seen = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + seen);
    }

    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Fixed x86_64 builds from ALAS-2018-1029, in advisory order.
    fixed_pkgs = [
      "curl-7.55.1-12.amzn2.0.1",
      "curl-debuginfo-7.55.1-12.amzn2.0.1",
      "libcurl-7.55.1-12.amzn2.0.1",
      "libcurl-devel-7.55.1-12.amzn2.0.1"
    ];

    vuln_count = 0;
    foreach pkg_ref (fixed_pkgs)
      if (rpm_check(release:"AL2", cpu:"x86_64", reference:pkg_ref)) vuln_count++;

    if (!vuln_count)
    {
      # Nothing flagged: distinguish "checked and current" from "not installed".
      checked = pkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / libcurl / libcurl-devel");
    }

    # Older reporting API: package details are attached only in verbose mode.
    if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
    else security_hole(0);
    exit(0);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-435.NASL
    descriptionThis update for curl to version 7.60.0 fixes the following issues : These security issues were fixed : - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down an FTP connection with very long server command replies (bsc#1092094). - CVE-2018-1000301: Prevent buffer over-read that could have cause reading data beyond the end of a heap based buffer used to store downloaded RTSP content (bsc#1092098). These non-security issues were fixed : - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol - Add --haproxy-protocol for the command line tool - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses - FTP: fix typo in recursive callback detection for seeking - test1208: marked flaky - HTTP: make header-less responses still count correct body size - user-agent.d:: mention --proxy-header as well - http2: fixes typo - cleanup: misc typos in strings and comments - rate-limit: use three second window to better handle high speeds - examples/hiperfifo.c: improved - pause: when changing pause state, update socket state - curl_version_info.3: fix ssl_version description - add_handle/easy_perform: clear errorbuffer on start if set - cmake: add support for brotli - parsedate: support UT timezone - vauth/ntlm.h: fix the #ifdef header guard - lib/curl_path.h: added #ifdef header guard - vauth/cleartext: fix integer overflow check - CURLINFO_COOKIELIST.3: made the example not leak memory - cookie.d: mention that
    last seen2020-06-01
    modified2020-06-02
    plugin id123190
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123190
    titleopenSUSE Security Update : curl (openSUSE-2019-435)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-435.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    # Local (credentialed) check for openSUSE Leap 15.0. This update moves
    # curl to 7.60.0, the first upstream version reported as fixed for
    # CVE-2018-1000300, so here the distro NVR and the upstream fix coincide.
    #

    include("compat.inc");

    if (description)
    {
      script_id(123190);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/30");

      script_cve_id("CVE-2018-1000300", "CVE-2018-1000301");

      script_name(english:"openSUSE Security Update : curl (openSUSE-2019-435)");
      script_summary(english:"Check for the openSUSE-2019-435 patch");

      script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "This update for curl to version 7.60.0 fixes the following issues :
    
    These security issues were fixed :
    
      - CVE-2018-1000300: Prevent heap-based buffer overflow
        when closing down an FTP connection with very long
        server command replies (bsc#1092094).
    
      - CVE-2018-1000301: Prevent buffer over-read that could
        have cause reading data beyond the end of a heap based
        buffer used to store downloaded RTSP content
        (bsc#1092098).
    
    These non-security issues were fixed :
    
      - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy
        PROXY protocol
    
      - Add --haproxy-protocol for the command line tool
    
      - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP
        addresses 
    
      - FTP: fix typo in recursive callback detection for
        seeking
    
      - test1208: marked flaky
    
      - HTTP: make header-less responses still count correct
        body size
    
      - user-agent.d:: mention --proxy-header as well
    
    - http2: fixes typo
    
      - cleanup: misc typos in strings and comments
    
      - rate-limit: use three second window to better handle
        high speeds
    
      - examples/hiperfifo.c: improved
    
      - pause: when changing pause state, update socket state
    
      - curl_version_info.3: fix ssl_version description
    
      - add_handle/easy_perform: clear errorbuffer on start if
        set
    
      - cmake: add support for brotli
    
      - parsedate: support UT timezone
    
      - vauth/ntlm.h: fix the #ifdef header guard
    
      - lib/curl_path.h: added #ifdef header guard
    
      - vauth/cleartext: fix integer overflow check
    
      - CURLINFO_COOKIELIST.3: made the example not leak memory
    
      - cookie.d: mention that '-' as filename means stdin
    
      - CURLINFO_SSL_VERIFYRESULT.3: fixed the example
    
    - http2: read pending frames
      (including GOAWAY) in connection-check
    
      - timeval: remove compilation warning by casting
    
      - cmake: avoid warn-as-error during config checks
    
      - travis-ci: enable -Werror for CMake builds
    
      - openldap: fix for NULL return from
        ldap_get_attribute_ber()
    
      - threaded resolver: track resolver time and set suitable
        timeout values
    
      - cmake: Add advapi32 as explicit link library for win32
    
      - docs: fix CURLINFO_*_T examples use of
        CURL_FORMAT_CURL_OFF_T
    
      - test1148: set a fixed locale for the test
    
      - cookies: when reading from a file, only remove_expired
        once
    
      - cookie: store cookies per top-level-domain-specific hash
        table
    
      - openssl: RESTORED verify locations when verifypeer==0
    
      - file: restore old behavior for file:////foo/bar URLs
    
      - FTP: allow PASV on IPv6 connections when a proxy is
        being used
    
      - build-openssl.bat: allow custom paths for VS and perl
    
      - winbuild: make the clean target work without build-type
    
      - build-openssl.bat: Refer to VS2017 as VC14.1 instead of
        VC15
    
      - curl: retry on FTP 4xx, ignore other protocols
    
      - configure: detect (and use) sa_family_t
    
      - examples/sftpuploadresume: Fix Windows large file seek
    
      - build: cleanup to fix clang warnings/errors
    
      - winbuild: updated the documentation
    
      - lib: silence null-dereference warnings
    
      - travis: bump to clang 6 and gcc 7
    
      - travis: build libpsl and make builds use it
    
      - proxy: show getenv proxy use in verbose output
    
      - duphandle: make sure CURLOPT_RESOLVE is duplicated
    
      - all: Refactor malloc+memset to use calloc
    
      - checksrc: Fix typo
    
      - system.h: Add sparcv8plus to oracle/sunpro 32-bit
        detection
    
      - vauth: Fix typo
    
      - ssh: show libSSH2 error code when closing fails
    
      - test1148: tolerate progress updates better
    
      - urldata: make service names unconditional
    
      - configure: keep LD_LIBRARY_PATH changes local
    
      - ntlm_sspi: fix authentication using Credential Manager
    
      - schannel: add client certificate authentication
    
      - winbuild: Support custom devel paths for each dependency
    
      - schannel: add support for CURLOPT_CAINFO
    
    - http2: handle on_begin_headers() called more than once
    
      - openssl: support OpenSSL 1.1.1 verbose-mode trace
        messages
    
      - openssl: fix subjectAltName check on non-ASCII platforms
    
    - http2: avoid strstr() on data not zero terminated
    
    - http2: clear the 'drain counter' when a stream is closed
    
    - http2: handle GOAWAY properly
    
      - tool_help: clarify --max-time unit of time is seconds
    
      - curl.1: clarify that options and URLs can be mixed
    
    - http2: convert an assert to run-time check
    
      - curl_global_sslset: always provide available backends
    
      - ftplistparser: keep state between invokes
    
      - Curl_memchr: zero length input can't match
    
      - examples/sftpuploadresume: typecast fseek argument to
        long
    
      - examples/http2-upload: expand buffer to avoid silly
        warning
    
      - ctype: restore character classification for non-ASCII
        platforms
    
      - mime: avoid NULL pointer dereference risk
    
      - cookies: ensure that we have cookies before writing jar
    
      - os400.c: fix checksrc warnings
    
      - configure: provide --with-wolfssl as an alias for
        --with-cyassl
    
      - cyassl: adapt to libraries without TLS 1.0 support
        built-in
    
    - http2: get rid of another strstr
    
      - checksrc: force indentation of lines after an else
    
      - cookies: remove unused macro
    
      - CURLINFO_PROTOCOL.3: mention the existing defined names
    
      - tests: provide 'manual' as a feature to optionally
        require
    
      - travis: enable libssh2 on both macos and Linux
    
      - CURLOPT_URL.3: added ENCODING section
    
      - wolfssl: Fix non-blocking connect
    
      - vtls: don't define MD5_DIGEST_LENGTH for wolfssl
    
      - docs: remove extraneous commas in man pages
    
      - URL: fix ASCII dependency in strcpy_url and strlen_url
    
      - ssh-libssh.c: fix left shift compiler warning
    
      - configure: only check for CA bundle for file-using SSL
        backends
    
      - travis: add an mbedtls build
    
    - http: don't set the 'rewind' flag when not uploading anything
    
      - configure: put CURLDEBUG and DEBUGBUILD in
        lib/curl_config.h
    
      - transfer: don't unset writesockfd on setup of
        multiplexed conns
    
      - vtls: use unified 'supports' bitfield member in backends
    
      - URLs: fix one more http url
    
      - travis: add a build using WolfSSL
    
      - openssl: change FILE ops to BIO ops
    
      - travis: add build using NSS
    
      - smb: reject negative file sizes
    
      - cookies: accept parameter names as cookie name
    
    - http2: getsock fix for uploads
    
      - all over: fixed format specifiers
    
    - http2: use the correct function pointer typedef");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092094");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092098");
      script_set_attribute(attribute:"solution", value:"Update the affected curl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-mini-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl-mini-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-mini");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-mini-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # OS gate: SLED/SLES hosts are excluded first, then the release must be
    # exactly the KB value for openSUSE Leap 15.0.
    host_release = get_kb_item("Host/SuSE/release");
    if (isnull(host_release) || host_release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (host_release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", host_release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Only the listed x86 architectures are covered.
    host_arch = get_kb_item("Host/cpu");
    if (!host_arch) audit(AUDIT_UNKNOWN_ARCH);
    if (host_arch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", host_arch);

    # Fixed NVRs from openSUSE-2019-435. The -32bit packages are checked only
    # with cpu:"x86_64", as in the advisory; order is preserved for reporting.
    fixed_pkgs = [
      "curl-7.60.0-lp150.2.3.1",
      "curl-debuginfo-7.60.0-lp150.2.3.1",
      "curl-debugsource-7.60.0-lp150.2.3.1",
      "curl-mini-7.60.0-lp150.2.3.1",
      "curl-mini-debuginfo-7.60.0-lp150.2.3.1",
      "curl-mini-debugsource-7.60.0-lp150.2.3.1",
      "libcurl-devel-7.60.0-lp150.2.3.1",
      "libcurl-mini-devel-7.60.0-lp150.2.3.1",
      "libcurl4-7.60.0-lp150.2.3.1",
      "libcurl4-debuginfo-7.60.0-lp150.2.3.1",
      "libcurl4-mini-7.60.0-lp150.2.3.1",
      "libcurl4-mini-debuginfo-7.60.0-lp150.2.3.1"
    ];
    fixed_pkgs_x86_64 = [
      "libcurl-devel-32bit-7.60.0-lp150.2.3.1",
      "libcurl4-32bit-7.60.0-lp150.2.3.1",
      "libcurl4-32bit-debuginfo-7.60.0-lp150.2.3.1"
    ];

    hits = 0;
    foreach pkg_ref (fixed_pkgs)
      if (rpm_check(release:"SUSE15.0", reference:pkg_ref)) hits++;
    foreach pkg_ref (fixed_pkgs_x86_64)
      if (rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:pkg_ref)) hits++;

    if (!hits)
    {
      # Nothing flagged: distinguish "checked and current" from "not installed".
      checked = pkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl-mini / curl-mini-debuginfo / curl-mini-debugsource / etc");
    }

    # Older reporting API: package details are attached only in verbose mode.
    if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
    else security_hole(0);
    exit(0);
    
  • NASL familyWeb Servers
    NASL idORACLE_HTTP_SERVER_CPU_OCT_2018.NASL
    descriptionThe version of Oracle HTTP Server installed on the remote host is affected by vulnerabilities as noted in the October 2018 CPU advisory: - A vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener (curl)). The affected version is 12.2.1.3. This is a difficult-to-exploit vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. A successful attack requires human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2018-1000300) - A denial of service (DoS) vulnerability exists in curl due to a Buffer Over-read. Affected versions are from curl version 7.20.0 to curl 7.59.0. The vulnerable component can be tricked into reading data beyond the end of the heap. An unauthenticated attacker with network access can exploit this issue to cause the application to stop responding. (CVE-2018-1000301) - A buffer over-read vulnerability exists in curl that could lead to information leakage. Affected versions are from 7.20.0 to curl 7.58.0. A vulnerability in the RTSP+RTP handling code could allow an attacker to cause a denial of service or information leakage. An unauthenticated attacker with network access can exploit this vulnerability to cause a denial of service (DoS) or to leak information from the vulnerable application. (CVE-2018-1000122)
    last seen2020-03-18
    modified2019-04-16
    plugin id124090
    published2019-04-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124090
    titleOracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2018 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # Local check for the curl-related fixes that the October 2018 Oracle CPU
    # ships for Oracle HTTP Server 12.2.1.3. The `if (description)` branch
    # below only registers plugin metadata and exits; the patch comparison
    # after it is what runs against a scanned host.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(124090);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      # curl CVEs bundled with the OHS "Web Listener (curl)" subcomponent.
      script_cve_id(
        "CVE-2018-1000120",
        "CVE-2018-1000121",
        "CVE-2018-1000122",
        "CVE-2018-1000300",
        "CVE-2018-1000301"
      );
    
      script_bugtraq_id(
        104207,
        103414,
        103415,
        103436,
        104225
      );
    
      script_name(english:"Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2018 CPU)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle HTTP Server installed on the remote host is
    affected by vulnerabilities as noted in the October 2018 CPU advisory:
    
      - A vulnerability exists in the Oracle HTTP Server component
        of Oracle Fusion Middleware (subcomponent: Web Listener
        (curl)). The affected version is 12.2.1.3. This is a 
        difficult to exploit vulnerability that allows an
        unauthenticated attacker with network access via HTTP to
        compromise Oracle HTTP Server. A successful attacks
        requires human interaction from a person other than the
        attacker. Successful attacks of this vulnerability can
        result in takeover of Oracle HTTP Server. (CVE-2018-1000300)
        
      - A denial of service (DoS) vulnerability exists in curl due
        to Buffer Over-read. Affected versions are from curl version
        7.20.0 to curl 7.59.0. The vulnerable component can be
        tricked into reading data beyond the end of the heap.
        An unauthenticated attacked with network access can exploit
        this issue to cause the application to stop responding.
        (CVE-2018-1000301)
    
      - A buffer over-read vulnerability exists in curl that could lead to
        information leakage. Affected versions are from  7.20.0 to
        curl 7.58.0. A vulnerability in the RTSP+RTP handling code
        could allows an attacker to cause a denial of service or
        information leakage. An unauthenticated attacked with 
        network access can exploit this vulnerability to cause
        a denial of service (DoS) or to leak information
        from the vulnerable application.
        (CVE-2018-1000122)");
      # https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?705136d8");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the October 2018 Oracle Critical Patch Update advisory.");
      # CVSS vectors are those of CVE-2018-1000300 (see cvss_score_source
      # below), not of the individual DoS / over-read CVEs in the list.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000300");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:http_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The scan-time part below relies on the KB entries written by the
      # OHS detection plugin; without them the plugin does not run.
      script_dependencies("oracle_http_server_installed.nbin");
      script_require_keys("Oracle/OHS/Installed");
    
      exit(0);
    }
    
    include('oracle_http_server_patch_func.inc');
    
    get_kb_item_or_exit('Oracle/OHS/Installed');
    # One KB entry per detected OHS install, holding its effective version.
    install_list = get_kb_list_or_exit('Oracle/OHS/*/EffectiveVersion');
    
    # branch() forks the script so each install is evaluated on its own.
    install = branch(install_list, key:TRUE, value:TRUE);
    
    # Only 12.2.1.3 is affected (per the description above). 'fix_ver' is the
    # effective version reached once the CPU patch is applied; 'patch' is the
    # patch identifier the advisory names for it.
    patches = make_array();
    patches['12.2.1.3'] = make_array('fix_ver', '12.2.1.3.180710', 'patch', '28281599');
    
    # Library helper from oracle_http_server_patch_func.inc; presumably reports a
    # SECURITY_HOLE when the install's effective version is below fix_ver for
    # its branch (body not visible here).
    oracle_http_server_check_vuln(
      install : install,
      min_patches : patches,
      severity : SECURITY_HOLE
    );
  • NASL familyMisc.
    NASL idORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL
    descriptionThe version of Oracle Secure Global Desktop installed on the remote host is 5.3 / 5.4 and is missing a security patch from the July 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - curl version curl 7.54.1 to and including curl 7.59.0 contains a Heap-based Buffer Overflow vulnerability in FTP connection closing down functionality which can lead to DoS and RCE conditions. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. (CVE-2018-1000300) - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. It was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to unauthorized users. (CVE-2018-1305) - ASN.1 types with a recursive definition could exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). (CVE-2018-0739)
    last seen2020-06-01
    modified2020-06-02
    plugin id111333
    published2018-07-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111333
    titleOracle Secure Global Desktop Multiple Vulnerabilities (July 2018 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # Local check for Oracle Secure Global Desktop 5.30 / 5.40 against the July
    # 2018 CPU. The `if (description)` branch registers plugin metadata and
    # exits; the patch-list comparison after it is what runs against a host.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111333);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/04");
    
      # curl, OpenSSL and Tomcat CVEs bundled with this SGD CPU.
      script_cve_id(
        "CVE-2017-3738",
        "CVE-2018-0733",
        "CVE-2018-0739",
        "CVE-2018-1304",
        "CVE-2018-1305",
        "CVE-2018-1000120",
        "CVE-2018-1000121",
        "CVE-2018-1000122",
        "CVE-2018-1000300",
        "CVE-2018-1000301"
      );
      script_bugtraq_id(
        102118,
        103144,
        103170,
        103414,
        103415,
        103436,
        103517,
        103518,
        104207,
        104225
      );
    
      script_name(english:"Oracle Secure Global Desktop Multiple Vulnerabilities (July 2018 CPU)");
      script_summary(english:"Checks the version of Oracle Secure Global Desktop.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Secure Global Desktop installed on the remote
    host is 5.3 / 5.4 and is missing a security patch from the July 2018
    Critical Patch Update (CPU). It is, therefore, affected by multiple
    vulnerabilities:
    
     - curl version curl 7.54.1 to and including curl 7.59.0 contains a 
     Heap-based Buffer Overflow vulnerability in FTP connection closing
     down functionality which can lead to DoS and RCE conditions. This 
     vulnerability appears to have been fixed in curl < 7.54.1 and 
     curl >= 7.60.0. (CVE-2018-1000300)
    
     - Security constraints defined by annotations of Servlets in Apache 
     Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 
     7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. 
     It was possible - depending on the order Servlets were loaded - for 
     some security constraints not to be applied. This could have exposed 
     resources to unauthorized users. (CVE-2018-1305)
    
     - ASN.1 types with a recursive definition could exceed the stack 
     given malicious input with excessive recursion. This could result 
     in a Denial Of Service attack. Fixed in OpenSSL 1.1.0h (Affected 
     1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
     (CVE-2018-0739)");
      # https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixOVIR
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4c9a415");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the July 2018 Oracle
    Critical Patch Update advisory.");
      # CVSS vectors are those of CVE-2018-1000300 (see cvss_score_source
      # below), the curl FTP heap overflow, not of every CVE in the list.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000300");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:virtualization_secure_global_desktop");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Version and patch list come from the SGD detection plugin's KB entries.
      script_dependencies("oracle_secure_global_desktop_installed.nbin");
      script_require_keys("Host/Oracle_Secure_Global_Desktop/Version");
    
      exit(0);
    }
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    
    app = 'Oracle Secure Global Desktop';
    version = get_kb_item_or_exit('Host/Oracle_Secure_Global_Desktop/Version');
    
    # This check covers only the Oracle Secure Global Desktop packages built
    # for Linux; `>!<` is NASL's "does not contain" operator.
    uname = get_kb_item_or_exit('Host/uname');
    if ('Linux' >!< uname) audit(AUDIT_OS_NOT, 'Linux');
    
    fix_required = NULL;
    
    # Map the installed branch to the set of patches that resolve this CPU.
    # Any one entry in the list is sufficient (see the loop below): 5.30 needs
    # Patch_53p5, 5.40 is covered by any of 54p1 / 54p2 / 54p3.
    if (version =~ "^5\.30($|\.)")
      fix_required = make_list('Patch_53p5');
    else if (version =~ "^5\.40($|\.)")
      fix_required = make_list('Patch_54p1', 'Patch_54p2', 'Patch_54p3');
    
    # Any other branch leaves fix_required NULL and is reported as not affected.
    if (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle Secure Global Desktop', version);
    
    patches = get_kb_list('Host/Oracle_Secure_Global_Desktop/Patches');
    
    # Stop at the first installed patch that appears in fix_required.
    patched = FALSE;
    foreach patch (patches)
    {
      foreach fix (fix_required)
      {
        if (patch == fix)
        {
          patched = TRUE;
          break;
        }
      }
      if (patched) break;
    }
    
    # `patch` still holds the matching entry from the loop above.
    if (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + patch + ')');
    
    
    # NOTE(review): only the first acceptable patch is named in the report even
    # when several would do (the 5.40 branch).
    report = '\n  Installed version : ' + version +
             '\n  Patch required    : ' + fix_required[0] +
             '\n';
    security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0068_CURL.NASL
    descriptionAn update of the curl package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121963
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121963
    titlePhoton OS 2.0: Curl PHSA-2018-2.0-0068
    code
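    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-2.0-0068. The text
    # itself is copyright (C) VMware, Inc.
    #
    # Local RPM-version check for the Photon OS 2.0 curl update that addresses
    # CVE-2018-1000300 / CVE-2018-1000301. The `if (description)` branch
    # registers plugin metadata and exits; the rpm_check() calls after it run
    # against the scanned host's package list.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(121963);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");
    
      script_cve_id("CVE-2018-1000300", "CVE-2018-1000301");
    
      script_name(english:"Photon OS 2.0: Curl PHSA-2018-2.0-0068");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the curl package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-68.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      # CVSS vectors are those of CVE-2018-1000300 (see cvss_score_source below).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000300");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:curl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Needs the SSH-collected release string and rpm list in the KB.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Bail out unless the host is Photon OS 2.0 specifically.
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86 / x86_64 builds are covered by this check.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    # Each reference is the first Photon build carrying the fix; rpm_check()
    # flags an installed package older than it. The original listed every
    # reference twice, which only repeated the same comparison; one call per
    # package is sufficient.
    if (rpm_check(release:"PhotonOS-2.0", reference:"curl-7.59.0-2.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"curl-debuginfo-7.59.0-2.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"curl-devel-7.59.0-2.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"curl-libs-7.59.0-2.ph2")) flag++;
    
    if (flag)
    {
      # rpm_report_get() lists the packages that rpm_check() found outdated.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Distinguish "checked and current" from "curl not installed at all".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl");
    }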
  • NASL familyMisc.
    NASL idORACLE_OATS_CPU_JAN_2019.NASL
    descriptionThe version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Enterprise Manager Base Platform Agent Next Gen (Jython) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2016-4000) - Enterprise Manager Base Platform Discovery Framework (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Base Platform. (CVE-2018-0732) - Enterprise Manager Ops Center Networking (OpenSSL) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to cause a frequent crash (DoS) of the Enterprise Manager Ops Center Platform. (CVE-2018-0732) - Oracle Application Testing Suite Load Testing for Web Apps (Spring Framework) component of Oracle Enterprise Manager Products Suite is easily exploited and can allow an unauthenticated attacker the ability to takeover the Enterprise Manager Base Platform. (CVE-2018-1258) - Enterprise Manager Base Platform EM Console component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access. (CVE-2018-3303) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. (CVE-2018-3304) - Oracle Application Testing Suite Load Testing for Web Apps component is easily exploited by an unauthenticated attacker. Successful attacks can result in unauthorized update, insert, or delete access and a partial denial of service. 
(CVE-2018-3305) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-12023) - Enterprise Manager for Virtualization Plug-In Lifecycle (jackson-databind) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager for Virtualization. (CVE-2018-14718) - Enterprise Manager Ops Center Networking (cURL) component of Oracle Enterprise Manager allows an unauthenticated attacker the ability to takeover Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen2020-06-01
    modified2020-06-02
    plugin id121257
    published2019-01-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121257
    titleOracle Application Testing Suite Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-FA01002D7E.NASL
    description - fix FTP shutdown response buffer overflow (CVE-2018-1000300) - fix RTSP bad headers buffer over-read (CVE-2018-1000301) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120931
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120931
    titleFedora 28 : curl (2018-fa01002d7e)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-589.NASL
    descriptionThis update for curl to version 7.60.0 fixes the following issues : These security issues were fixed : - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down an FTP connection with very long server command replies (bsc#1092094). - CVE-2018-1000301: Prevent buffer over-read that could have caused reading data beyond the end of a heap based buffer used to store downloaded RTSP content (bsc#1092098). These non-security issues were fixed : - Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol - Add --haproxy-protocol for the command line tool - Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses - FTP: fix typo in recursive callback detection for seeking - test1208: marked flaky - HTTP: make header-less responses still count correct body size - user-agent.d:: mention --proxy-header as well - http2: fixes typo - cleanup: misc typos in strings and comments - rate-limit: use three second window to better handle high speeds - examples/hiperfifo.c: improved - pause: when changing pause state, update socket state - curl_version_info.3: fix ssl_version description - add_handle/easy_perform: clear errorbuffer on start if set - cmake: add support for brotli - parsedate: support UT timezone - vauth/ntlm.h: fix the #ifdef header guard - lib/curl_path.h: added #ifdef header guard - vauth/cleartext: fix integer overflow check - CURLINFO_COOKIELIST.3: made the example not leak memory - cookie.d: mention that
    last seen2020-06-05
    modified2018-06-11
    plugin id110434
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110434
    titleopenSUSE Security Update : curl (openSUSE-2018-589)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the subcomponent Networking (jQuery) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction and can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. (CVE-2015-9251) - An unspecified vulnerability in the subcomponent Networking (OpenSSL) of the Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. An easy to exploit vulnerability could allow an unauthenticated attacker with network access via HTTPS to compromise Enterprise Manager Ops Center. A successful attack of this vulnerability could result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. (CVE-2018-0732) - An unspecified vulnerability in the subcomponent Networking (cURL) of Enterprise Manager Ops Center. Supported versions that are affected are 12.2.2 and 12.3.3. A difficult to exploit vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. A successful attack requires human interaction from a person other than the attacker and can result in takeover of Enterprise Manager Ops Center. (CVE-2018-1000300)
    last seen2020-06-01
    modified2020-06-02
    plugin id131184
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131184
    titleOracle Enterprise Manager Ops Center (Jan 2019 CPU)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201806-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201806-05 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could cause a Denial of Service condition, obtain sensitive information, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id110614
    published2018-06-20
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110614
    titleGLSA-201806-05 : cURL: Multiple vulnerabilities
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0158_CURL.NASL
    descriptionAn update of the curl package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121855
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121855
    titlePhoton OS 1.0: Curl PHSA-2018-1.0-0158
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3648-1.NASL
    descriptionDario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-1000300) Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2018-1000301). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109893
    published2018-05-17
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109893
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : curl vulnerabilities (USN-3648-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_04FE6C8D2A344009A81EE7A7E759B5D2.NASL
    descriptioncURL security problems : CVE-2018-1000300: FTP shutdown response buffer overflow curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. When doing FTP transfers, curl keeps a spare
    last seen2020-06-01
    modified2020-06-02
    plugin id109877
    published2018-05-17
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109877
    titleFreeBSD : cURL -- multiple vulnerabilities (04fe6c8d-2a34-4009-a81e-e7a7e759b5d2)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-136-01.NASL
    descriptionNew curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109870
    published2018-05-17
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109870
    titleSlackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-136-01)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0158.NASL
    descriptionAn update of 'curl' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111941
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111941
    titlePhoton OS 1.0: Curl PHSA-2018-1.0-0158 (deprecated)