FreeBSD : cURL -- Multiple vulnerabilities (301a01b7-d50e-11e7-ac58-b499baebfeaf)

High Nessus Plugin ID 104863

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The cURL project reports :

- NTLM buffer overflow via integer overflow (CVE-2017-8816)libcurl contains a buffer overrun flaw in the NTLM authentication code. The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up the lengths of the user name + password (= SUM) and multiplies the sum by two (= SIZE) to figure out how large storage to allocate from the heap.

- FTP wildcard out of bounds read (CVE-2017-8817) libcurl contains a read out of bounds flaw in the FTP wildcard function. libcurl's FTP wildcard matching feature, which is enabled with the CURLOPT_WILDCARDMATCH option can use a built-in wildcard function or a user provided one. The built-in wildcard function has a flaw that makes it not detect the end of the pattern string if it ends with an open bracket ([) but instead it will continue reading the heap beyond the end of the URL buffer that holds the wildcard.

- SSL out of buffer access (CVE-2017-8818) libcurl contains an out boundary access flaw in SSL related code. When allocating memory for a connection (the internal struct called connectdata), a certain amount of memory is allocated at the end of the struct to be used for SSL related structs. Those structs are used by the particular SSL library libcurl is built to use. The application can also tell libcurl which specific SSL library to use if it was built to support more than one.

Solution

Update the affected packages.

See Also

https://curl.haxx.se/changes.html

http://www.nessus.org/u?b74b79e5

Plugin Details

Severity: High

ID: 104863

File Name: freebsd_pkg_301a01b7d50e11e7ac58b499baebfeaf.nasl

Version: 3.5

Type: local

Published: 2017/11/30

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:curl, p-cpe:/a:freebsd:freebsd:linux-c7-curl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/11/29

Vulnerability Publication Date: 2017/11/29

Reference Information

CVE: CVE-2017-8816, CVE-2017-8817, CVE-2017-8818