FreeBSD : cURL -- URL file scheme drive letter buffer overflow (9314058e-5204-11e7-b712-b1a44a034d72)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

cURL security advisory :

When libcurl is given either

1. a file: URL that doesn't use two slashes following the colon, or

2. is told that file is the default scheme to use for URLs without
scheme

... and the given path starts with a drive letter and libcurl is built
for Windows or DOS, then libcurl would copy the path with a wrong
offset, so that the end of the given path would write beyond the
malloc buffer. Up to seven bytes too much.

We are not aware of any exploit of this flaw.

See also :

https://curl.haxx.se/docs/adv_20170614.html
http://www.nessus.org/u?a60de9f9

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100828

CVE ID: CVE-2017-9502
