EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1021)

Critical Nessus Plugin ID 122168

Synopsis

The remote EulerOS host is missing a security update.

Description

According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

- curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap.
The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes).(CVE-2018-14618)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected curl package.

See Also

http://www.nessus.org/u?5aee7740

Plugin Details

Severity: Critical

ID: 122168

File Name: EulerOS_SA-2019-1021.nasl

Version: 1.5

Type: local

Published: 2019/02/14

Updated: 2020/05/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:curl, p-cpe:/a:huawei:euleros:libcurl, p-cpe:/a:huawei:euleros:libcurl-devel, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/01/19

Reference Information

CVE: CVE-2018-14618