Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : curl vulnerabilities (USN-3123-1)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

It was discovered that curl incorrectly reused client certificates
when built with NSS. A remote attacker could possibly use this issue
to hijack the authentication of a TLS connection. (CVE-2016-7141)

Nguyen Vu Hoang discovered that curl incorrectly handled escaping
certain strings. A remote attacker could possibly use this issue to
cause curl to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-7167)

It was discovered that curl incorrectly handled storing cookies. A
remote attacker could possibly use this issue to inject cookies for
arbitrary domains in the cookie jar. (CVE-2016-8615)

It was discovered that curl incorrect handled case when comparing user
names and passwords. A remote attacker with knowledge of a
case-insensitive version of the correct password could possibly use
this issue to cause a connection to be reused. (CVE-2016-8616)

It was discovered that curl incorrect handled memory when encoding to
base64. A remote attacker could possibly use this issue to cause curl
to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-8617)

It was discovered that curl incorrect handled memory when preparing
formatted output. A remote attacker could possibly use this issue to
cause curl to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-8618)

It was discovered that curl incorrect handled memory when performing
Kerberos authentication. A remote attacker could possibly use this
issue to cause curl to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-8619)

Luat Nguyen discovered that curl incorrectly handled parsing
globs. A remote attacker could possibly use this issue to cause curl
to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu
16.04 LTS and Ubuntu 16.10. (CVE-2016-8620)

Luat Nguyen discovered that curl incorrectly handled converting
dates. A remote attacker could possibly use this issue to cause curl
to crash, resulting in a denial of service. (CVE-2016-8621)

It was discovered that curl incorrectly handled URL percent-encoding
decoding. A remote attacker could possibly use this issue to cause
curl to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-8622)

It was discovered that curl incorrectly handled shared cookies. A
remote server could possibly obtain incorrect cookies or other
sensitive information. (CVE-2016-8623)

Fernando Munoz discovered that curl incorrect parsed certain URLs. A
remote attacker could possibly use this issue to trick curl into
connecting to a different host. (CVE-2016-8624).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libcurl3, libcurl3-gnutls and / or libcurl3-nss
packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now