Detections
Analytics
Oracle Solaris Third-Party Patch Update : libcurl (cve_2014_3707_information_disclosure)
medium Nessus Plugin ID 80664
Language:
Synopsis
The remote Solaris system is missing a security patch for third-party software.Description
The remote Solaris system is missing necessary patches to address security updates :- The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. (CVE-2014-3707)
Solution
Upgrade to Solaris 11.2.5.5.0.See Also
Plugin Details
Severity: Medium
ID: 80664
File Name: solaris11_libcurl_20141216.nasl
Version: 1.3
Type: local
Family: Solaris Local Security Checks
Published: 1/19/2015
Updated: 1/14/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/o:oracle:solaris:11.2, p-cpe:/a:oracle:solaris:libcurl
Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list
Patch Publication Date: 12/16/2014
Reference Information
CVE: CVE-2014-3707