FreeBSD : cURL -- uninitialized random vulnerability (c40ca16c-4d9f-4d70-8b6c-4d53aeb8ead4)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Project curl Security Advisory :

libcurl's (new) internal function that returns a good 32bit random
value was implemented poorly and overwrote the pointer instead of
writing the value into the buffer the pointer pointed to.

This random value is used to generate nonces for Digest and NTLM
authentication, for generating boundary strings in HTTP formposts and
more. Having a weak or virtually non-existent random there makes these
operations vulnerable.

This function is brand new in 7.52.0 and is the result of an overhaul
to make sure libcurl uses strong random as much as possible - provided
by the backend TLS crypto libraries when present. The faulty function
was introduced in this commit.

We are not aware of any exploit of this flaw.

See also :

https://curl.haxx.se/docs/adv_20161223.html
http://www.nessus.org/u?2f7c0058

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96120 ()

Bugtraq ID:

CVE ID: CVE-2016-9594

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now