FreeBSD : cURL -- uninitialized random vulnerability (c40ca16c-4d9f-4d70-8b6c-4d53aeb8ead4)

high Nessus Plugin ID 96120

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Project curl Security Advisory :

libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to.

This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary strings in HTTP formposts and more. Having a weak or virtually non-existent random there makes these operations vulnerable.

This function is brand new in 7.52.0 and is the result of an overhaul to make sure libcurl uses strong random as much as possible - provided by the backend TLS crypto libraries when present. The faulty function was introduced in this commit.

We are not aware of any exploit of this flaw.

Solution

Update the affected package.

See Also

https://curl.haxx.se/docs/CVE-2016-9594.html

http://www.nessus.org/u?eef2180d

Plugin Details

Severity: High

ID: 96120

File Name: freebsd_pkg_c40ca16c4d9f4d708b6c4d53aeb8ead4.nasl

Version: 3.6

Type: local

Published: 12/27/2016

Updated: 1/4/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:curl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/24/2016

Vulnerability Publication Date: 12/23/2016

Reference Information

CVE: CVE-2016-9594