Oracle Solaris Third-Party Patch Update : libcurl (cve_2013_1944_information_disclosure)
Medium Nessus Plugin ID 80662
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. (CVE-2013-1944)
- Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a '%' (percent) character. (CVE-2013-2174)
- cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
- cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
SolutionUpgrade to Solaris 188.8.131.52.0.