Executive Summary

Summary
TitlecURL: Multiple vulnerabilities
Informations
NameGLSA-201203-02First vendor Publication2012-03-06
VendorGentooLast vendor Modification2012-03-06
Severity (Vendor) NormalRevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in cURL, the worst of which might allow remote execution of arbitrary code.

Background

cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols.

Description

Multiple vulnerabilities have been found in cURL:

* When zlib is enabled, the amount of data sent to an application for automatic decompression is not restricted (CVE-2010-0734).
* When performing GSSAPI authentication, credential delegation is always used (CVE-2011-2192).
* When SSL is enabled, cURL improperly disables the OpenSSL workaround to mitigate an information disclosure vulnerability in the SSL and TLS protocols (CVE-2011-3389).
* libcurl does not properly verify file paths for escape control characters in IMAP, POP3 or SMTP URLs (CVE-2012-0036).

Impact

A remote attacker could entice a user or automated process to open a specially crafted file or URL using cURL, possibly resulting in the remote execution of arbitrary code, a Denial of Service condition, disclosure of sensitive information, or unwanted actions performed via the IMAP, POP3 or SMTP protocols. Furthermore, remote servers may be able to impersonate clients via GSSAPI requests.

Workaround

There is no known workaround at this time.

Resolution

All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.24.0"

References

[ 1 ] CVE-2010-0734 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0734
[ 2 ] CVE-2011-2192 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2192
[ 3 ] CVE-2011-3389 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389
[ 4 ] CVE-2012-0036 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0036

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201203-02.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201203-02.xml

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-255Credentials Management
CWE-89Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6756
 
Oval ID: oval:org.mitre.oval:def:6756
Title: VMware ESX, Service Console update for cURL.
Description: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0734
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22172
 
Oval ID: oval:org.mitre.oval:def:22172
Title: RHSA-2010:0273: curl security, bug fix and enhancement update (Moderate)
Description: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Family: unix Class: patch
Reference(s): RHSA-2010:0273-05
CVE-2010-0734
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): curl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10760
 
Oval ID: oval:org.mitre.oval:def:10760
Title: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Description: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0734
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23020
 
Oval ID: oval:org.mitre.oval:def:23020
Title: ELSA-2010:0273: curl security, bug fix and enhancement update (Moderate)
Description: content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Family: unix Class: patch
Reference(s): ELSA-2010:0273-05
CVE-2010-0734
Version: 3
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21913
 
Oval ID: oval:org.mitre.oval:def:21913
Title: RHSA-2011:0918: curl security update (Moderate)
Description: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Family: unix Class: patch
Reference(s): RHSA-2011:0918-01
CVE-2011-2192
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): curl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20630
 
Oval ID: oval:org.mitre.oval:def:20630
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2192
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23218
 
Oval ID: oval:org.mitre.oval:def:23218
Title: ELSA-2011:0918: curl security update (Moderate)
Description: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Family: unix Class: patch
Reference(s): ELSA-2011:0918-01
CVE-2011-2192
Version: 3
Platform(s): Oracle Linux 4
Oracle Linux 6
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19673
 
Oval ID: oval:org.mitre.oval:def:19673
Title: HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3389
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14752
 
Oval ID: oval:org.mitre.oval:def:14752
Title: SSL and TLS Protocols Vulnerability
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3389
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application14
Application48
Application1
Application1
Application1
Application1
Os1

OpenVAS Exploits

DateDescription
2012-10-19Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351
File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl
2012-10-19Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351
File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl
2012-09-25Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-09-22Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127
File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl
2012-09-04Name : Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)
File : nvt/gb_mandriva_MDVSA_2012_149.nasl
2012-09-04Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138
File : nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl
2012-08-30Name : FreeBSD Ports: fetchmail
File : nvt/freebsd_fetchmail16.nasl
2012-08-30Name : Fedora Update for python3 FEDORA-2012-5785
File : nvt/gb_fedora_2012_5785_python3_fc17.nasl
2012-08-30Name : Fedora Update for python-docs FEDORA-2012-5892
File : nvt/gb_fedora_2012_5892_python-docs_fc17.nasl
2012-08-30Name : Fedora Update for python FEDORA-2012-5892
File : nvt/gb_fedora_2012_5892_python_fc17.nasl
2012-08-03Name : Mandriva Update for curl MDVSA-2012:058 (curl)
File : nvt/gb_mandriva_MDVSA_2012_058.nasl
2012-07-30Name : CentOS Update for firefox CESA-2012:1088 centos5
File : nvt/gb_CESA-2012_1088_firefox_centos5.nasl
2012-07-30Name : CentOS Update for firefox CESA-2012:1088 centos6
File : nvt/gb_CESA-2012_1088_firefox_centos6.nasl
2012-07-30Name : CentOS Update for thunderbird CESA-2012:1089 centos5
File : nvt/gb_CESA-2012_1089_thunderbird_centos5.nasl
2012-07-30Name : CentOS Update for thunderbird CESA-2012:1089 centos6
File : nvt/gb_CESA-2012_1089_thunderbird_centos6.nasl
2012-07-30Name : CentOS Update for java CESA-2011:1380 centos5 x86_64
File : nvt/gb_CESA-2011_1380_java_centos5_x86_64.nasl
2012-07-30Name : CentOS Update for curl CESA-2011:0918 centos4 x86_64
File : nvt/gb_CESA-2011_0918_curl_centos4_x86_64.nasl
2012-07-30Name : CentOS Update for curl CESA-2011:0918 centos5 x86_64
File : nvt/gb_CESA-2011_0918_curl_centos5_x86_64.nasl
2012-07-19Name : RedHat Update for firefox RHSA-2012:1088-01
File : nvt/gb_RHSA-2012_1088-01_firefox.nasl
2012-07-19Name : RedHat Update for thunderbird RHSA-2012:1089-01
File : nvt/gb_RHSA-2012_1089-01_thunderbird.nasl
2012-06-22Name : Mandriva Update for python MDVSA-2012:096 (python)
File : nvt/gb_mandriva_MDVSA_2012_096.nasl
2012-06-22Name : Mandriva Update for python MDVSA-2012:097 (python)
File : nvt/gb_mandriva_MDVSA_2012_097.nasl
2012-06-22Name : Fedora Update for python3 FEDORA-2012-9135
File : nvt/gb_fedora_2012_9135_python3_fc16.nasl
2012-06-19Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541
File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl
2012-06-19Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545
File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl
2012-06-19Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593
File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl
2012-05-18Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-05-08Name : Fedora Update for python-docs FEDORA-2012-5924
File : nvt/gb_fedora_2012_5924_python-docs_fc16.nasl
2012-05-08Name : Fedora Update for python FEDORA-2012-5924
File : nvt/gb_fedora_2012_5924_python_fc16.nasl
2012-05-04Name : Fedora Update for python3 FEDORA-2012-5916
File : nvt/gb_fedora_2012_5916_python3_fc15.nasl
2012-04-30Name : Debian Security Advisory DSA 2398-2 (curl)
File : nvt/deb_2398_2.nasl
2012-04-06Name : Opera Extended Validation Information Disclosure Vulnerabilities (Linux)
File : nvt/gb_opera_extented_validation_info_disc_vuln_lin.nasl
2012-04-02Name : Fedora Update for firefox FEDORA-2011-17400
File : nvt/gb_fedora_2011_17400_firefox_fc16.nasl
2012-04-02Name : Fedora Update for nss-softokn FEDORA-2011-17400
File : nvt/gb_fedora_2011_17400_nss-softokn_fc16.nasl
2012-04-02Name : Fedora Update for nss-util FEDORA-2011-17400
File : nvt/gb_fedora_2011_17400_nss-util_fc16.nasl
2012-04-02Name : Fedora Update for thunderbird-lightning FEDORA-2011-17400
File : nvt/gb_fedora_2011_17400_thunderbird-lightning_fc16.nasl
2012-04-02Name : Fedora Update for thunderbird FEDORA-2011-17400
File : nvt/gb_fedora_2011_17400_thunderbird_fc16.nasl
2012-04-02Name : Fedora Update for xulrunner FEDORA-2011-17400
File : nvt/gb_fedora_2011_17400_xulrunner_fc16.nasl
2012-04-02Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-1690
File : nvt/gb_fedora_2012_1690_java-1.7.0-openjdk_fc16.nasl
2012-04-02Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1711
File : nvt/gb_fedora_2012_1711_java-1.6.0-openjdk_fc16.nasl
2012-04-02Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-15020
File : nvt/gb_fedora_2011_15020_java-1.6.0-openjdk_fc16.nasl
2012-04-02Name : Fedora Update for curl FEDORA-2012-0894
File : nvt/gb_fedora_2012_0894_curl_fc16.nasl
2012-03-19Name : Fedora Update for nss FEDORA-2011-17400
File : nvt/gb_fedora_2011_17400_nss_fc16.nasl
2012-03-19Name : Fedora Update for java-1.7.0-openjdk FEDORA-2011-15555
File : nvt/gb_fedora_2011_15555_java-1.7.0-openjdk_fc16.nasl
2012-03-16Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-15Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser...
File : nvt/gb_VMSA-2012-0001.nasl
2012-03-12Name : Gentoo Security Advisory GLSA 201203-02 (cURL)
File : nvt/glsa_201203_02.nasl
2012-03-09Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721
File : nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl
2012-02-13Name : Fedora Update for curl FEDORA-2012-0888
File : nvt/gb_fedora_2012_0888_curl_fc15.nasl
2012-02-12Name : Debian Security Advisory DSA 2398-1 (curl)
File : nvt/deb_2398_1.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201111_02.nasl
2012-02-11Name : Debian Security Advisory DSA 2356-1 (openjdk-6)
File : nvt/deb_2356_1.nasl
2012-02-11Name : Debian Security Advisory DSA 2358-1 (openjdk-6)
File : nvt/deb_2358_1.nasl
2012-02-11Name : Debian Security Advisory DSA 2368-1 (lighttpd)
File : nvt/deb_2368_1.nasl
2012-02-06Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2012-01-25Name : Ubuntu Update for openjdk-6 USN-1263-2
File : nvt/gb_ubuntu_USN_1263_2.nasl
2012-01-25Name : Ubuntu Update for curl USN-1346-1
File : nvt/gb_ubuntu_USN_1346_1.nasl
2012-01-23Name : Fedora Update for nss FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_nss_fc15.nasl
2012-01-23Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_perl-Gtk2-MozEmbed_fc15.nasl
2012-01-23Name : Fedora Update for thunderbird-lightning FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_thunderbird-lightning_fc15.nasl
2012-01-23Name : Fedora Update for thunderbird FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_thunderbird_fc15.nasl
2012-01-23Name : Fedora Update for xulrunner FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_xulrunner_fc15.nasl
2012-01-23Name : Fedora Update for firefox FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_firefox_fc15.nasl
2012-01-23Name : Fedora Update for gnome-python2-extras FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_gnome-python2-extras_fc15.nasl
2012-01-23Name : Fedora Update for nspr FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_nspr_fc15.nasl
2012-01-23Name : Fedora Update for nss-softokn FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_nss-softokn_fc15.nasl
2012-01-23Name : Fedora Update for nss-util FEDORA-2011-17399
File : nvt/gb_fedora_2011_17399_nss-util_fc15.nasl
2012-01-11Name : Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
File : nvt/secpod_ms12-006.nasl
2011-11-18Name : Ubuntu Update for icedtea-web USN-1263-1
File : nvt/gb_ubuntu_USN_1263_1.nasl
2011-11-14Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2011_170.nasl
2011-10-21Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:1380-01
File : nvt/gb_RHSA-2011_1380-01_java-1.6.0-openjdk.nasl
2011-10-21Name : CentOS Update for java CESA-2011:1380 centos5 i386
File : nvt/gb_CESA-2011_1380_java_centos5_i386.nasl
2011-10-21Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638
File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl
2011-10-21Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14648
File : nvt/gb_fedora_2011_14648_java-1.6.0-openjdk_fc15.nasl
2011-09-09Name : Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X)
File : nvt/gb_opera_extented_validation_info_disc_vuln_macosx.nasl
2011-09-09Name : Opera Extended Validation Information Disclosure Vulnerabilities (Windows)
File : nvt/gb_opera_extented_validation_info_disc_vuln_win.nasl
2011-08-18Name : CentOS Update for curl CESA-2011:0918 centos4 i386
File : nvt/gb_CESA-2011_0918_curl_centos4_i386.nasl
2011-08-09Name : CentOS Update for curl CESA-2011:0918 centos5 i386
File : nvt/gb_CESA-2011_0918_curl_centos5_i386.nasl
2011-08-03Name : Debian Security Advisory DSA 2271-1 (curl)
File : nvt/deb_2271_1.nasl
2011-07-27Name : Mandriva Update for curl MDVSA-2011:116 (curl)
File : nvt/gb_mandriva_MDVSA_2011_116.nasl
2011-07-12Name : Fedora Update for curl FEDORA-2011-8586
File : nvt/gb_fedora_2011_8586_curl_fc15.nasl
2011-07-08Name : Fedora Update for curl FEDORA-2011-8640
File : nvt/gb_fedora_2011_8640_curl_fc14.nasl
2011-07-08Name : RedHat Update for curl RHSA-2011:0918-01
File : nvt/gb_RHSA-2011_0918-01_curl.nasl
2011-06-24Name : Ubuntu Update for curl USN-1158-1
File : nvt/gb_ubuntu_USN_1158_1.nasl
2010-04-21Name : FreeBSD Ports: curl
File : nvt/freebsd_curl3.nasl
2010-04-09Name : CentOS Update for curl CESA-2010:0329 centos3 i386
File : nvt/gb_CESA-2010_0329_curl_centos3_i386.nasl
2010-04-09Name : CentOS Update for curl CESA-2010:0329 centos4 i386
File : nvt/gb_CESA-2010_0329_curl_centos4_i386.nasl
2010-04-06Name : Debian Security Advisory DSA 2023-1 (curl)
File : nvt/deb_2023_1.nasl
2010-04-06Name : RedHat Update for curl RHSA-2010:0273-05
File : nvt/gb_RHSA-2010_0273-05_curl.nasl
2010-04-06Name : RedHat Update for curl RHSA-2010:0329-01
File : nvt/gb_RHSA-2010_0329-01_curl.nasl
2010-03-22Name : Mandriva Update for curl MDVSA-2010:062 (curl)
File : nvt/gb_mandriva_MDVSA_2010_062.nasl
2010-03-22Name : Fedora Update for curl FEDORA-2010-2720
File : nvt/gb_fedora_2010_2720_curl_fc11.nasl
2010-03-12Name : Fedora Update for curl FEDORA-2010-2762
File : nvt/gb_fedora_2010_2762_curl_fc12.nasl
2010-02-19Name : Mandriva Update for drakxtools MDVA-2010:062 (drakxtools)
File : nvt/gb_mandriva_MDVA_2010_062.nasl
2010-02-19Name : Mandriva Update for drakxtools MDVA-2010:062-1 (drakxtools)
File : nvt/gb_mandriva_MDVA_2010_062_1.nasl
0000-00-00Name : Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
File : nvt/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl
0000-00-00Name : FreeBSD Ports: opera, linux-opera
File : nvt/freebsd_opera25.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
78512cURL Multiple Protocol File Path URL Parsing Control Character Injection
74829SSL Chained Initialization Vector CBC Mode MiTM Weakness
73686libcurl http_negotiate.c Curl_input_negotiate Function GSSAPI Credential Dele...
73328cURL GSSAPI Client Credential Remote Disclosure
62217cURL / libcURL Compressed HTTP Content Registered Callback Overflow

Information Assurance Vulnerability Management (IAVM)

DateDescription
2014-02-27IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001
Severity : Category I - VMSKEY : V0044547
2013-10-17IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0040786
2012-03-29IAVM : 2012-A-0048 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.0
Severity : Category I - VMSKEY : V0031901
2012-02-02IAVM : 2012-A-0020 - Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity : Category I - VMSKEY : V0031252
2012-01-13IAVM : 2012-B-0006 - Microsoft SSL/TLS Information Disclosure Vulnerability
Severity : Category I - VMSKEY : V0031054
2011-05-12IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Snort® IPS/IDS

DateDescription
2014-01-10SSL CBC encryption mode weakness brute force attempt
RuleID : 20212 - Revision : 7 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

DateDescription
2014-04-16Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_9aecb94cc1ad11e3a5ac001b21614864.nasl - Type : ACT_GATHER_INFO
2014-02-25Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO
2014-02-07Name : The remote mail server is affected by file disclosure and corruption vulnerab...
File : kerio_connect_810.nasl - Type : ACT_GATHER_INFO
2013-10-23Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_9.nasl - Type : ACT_GATHER_INFO
2013-10-16Name : The remote database server is affected by multiple vulnerabilities.
File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-80.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-81.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-10.nasl - Type : ACT_GATHER_INFO
2013-07-23Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_2_1_0.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0329.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0918.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1088.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2012-1089.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1380.nasl - Type : ACT_GATHER_INFO
2013-07-10Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libcurl4-8618.nasl - Type : ACT_GATHER_INFO
2013-04-20Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-037.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-09-20Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO
2012-09-20Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO
2012-09-06Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-097.nasl - Type : ACT_GATHER_INFO
2012-09-06Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-149.nasl - Type : ACT_GATHER_INFO
2012-08-30Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_18ce9a90f26911e1be53080027ef73ec.nasl - Type : ACT_GATHER_INFO
2012-08-03Name : The remote host has an application installed that is affected by multiple vul...
File : macosx_xcode_4_4.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100330_curl_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100330_curl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100330_curl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110705_curl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120717_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120717_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111018_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111019_java_1_6_0_sun_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO
2012-07-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO
2012-07-18Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO
2012-07-18Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO
2012-07-05Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_1_1_1.nasl - Type : ACT_GATHER_INFO
2012-06-21Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-096.nasl - Type : ACT_GATHER_INFO
2012-06-20Name : The remote Fedora host is missing a security update.
File : fedora_2012-9135.nasl - Type : ACT_GATHER_INFO
2012-05-10Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO
2012-05-10Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO
2012-05-07Name : The remote Fedora host is missing a security update.
File : fedora_2012-5785.nasl - Type : ACT_GATHER_INFO
2012-05-07Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-5924.nasl - Type : ACT_GATHER_INFO
2012-05-04Name : The remote Fedora host is missing a security update.
File : fedora_2012-5916.nasl - Type : ACT_GATHER_INFO
2012-05-02Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-5892.nasl - Type : ACT_GATHER_INFO
2012-04-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_python-8080.nasl - Type : ACT_GATHER_INFO
2012-04-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0508.nasl - Type : ACT_GATHER_INFO
2012-04-20Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO
2012-04-16Name : It may be possible to obtain sensitive information from the remote host with ...
File : ssl3_tls1_iv_impl_info_disclosure.nasl - Type : ACT_GATHER_INFO
2012-04-16Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-058.nasl - Type : ACT_GATHER_INFO
2012-03-16Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO
2012-03-09Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2012-0003.nasl - Type : ACT_GATHER_INFO
2012-03-06Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201203-02.nasl - Type : ACT_GATHER_INFO
2012-02-29Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-120223.nasl - Type : ACT_GATHER_INFO
2012-02-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-120105.nasl - Type : ACT_GATHER_INFO
2012-02-13Name : The remote Fedora host is missing a security update.
File : fedora_2012-0888.nasl - Type : ACT_GATHER_INFO
2012-02-06Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_curl-7937.nasl - Type : ACT_GATHER_INFO
2012-02-02Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-02-02Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2012-01-31Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2398.nasl - Type : ACT_GATHER_INFO
2012-01-31Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0001.nasl - Type : ACT_GATHER_INFO
2012-01-30Name : The remote Fedora host is missing a security update.
File : fedora_2012-0894.nasl - Type : ACT_GATHER_INFO
2012-01-25Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1263-2.nasl - Type : ACT_GATHER_INFO
2012-01-25Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1346-1.nasl - Type : ACT_GATHER_INFO
2012-01-25Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7908.nasl - Type : ACT_GATHER_INFO
2012-01-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7926.nasl - Type : ACT_GATHER_INFO
2012-01-23Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-17399.nasl - Type : ACT_GATHER_INFO
2012-01-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0034.nasl - Type : ACT_GATHER_INFO
2012-01-12Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2358.nasl - Type : ACT_GATHER_INFO
2012-01-12Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2368.nasl - Type : ACT_GATHER_INFO
2012-01-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0006.nasl - Type : ACT_GATHER_INFO
2012-01-10Name : It may be possibe to obtain sensitive information from the remote Windows hos...
File : smb_nt_ms12-006.nasl - Type : ACT_GATHER_INFO
2011-12-23Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-17400.nasl - Type : ACT_GATHER_INFO
2011-12-14Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_a4a809d825c811e1b53100215c6a37bb.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nss-7842.nasl - Type : ACT_GATHER_INFO
2011-12-07Name : The remote host contains a web browser that is potentially affected by multip...
File : opera_1160.nasl - Type : ACT_GATHER_INFO
2011-12-02Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2356.nasl - Type : ACT_GATHER_INFO
2011-11-17Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1263-1.nasl - Type : ACT_GATHER_INFO
2011-11-14Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-170.nasl - Type : ACT_GATHER_INFO
2011-11-14Name : The remote Fedora host is missing a security update.
File : fedora_2011-15555.nasl - Type : ACT_GATHER_INFO
2011-11-09Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update6.nasl - Type : ACT_GATHER_INFO
2011-11-09Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_7_update1.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2011-15020.nasl - Type : ACT_GATHER_INFO
2011-10-20Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO
2011-10-20Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1384.nasl - Type : ACT_GATHER_INFO
2011-10-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO
2011-09-01Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : opera_1151.nasl - Type : ACT_GATHER_INFO
2011-07-25Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-116.nasl - Type : ACT_GATHER_INFO
2011-07-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0918.nasl - Type : ACT_GATHER_INFO
2011-07-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0918.nasl - Type : ACT_GATHER_INFO
2011-07-05Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2271.nasl - Type : ACT_GATHER_INFO
2011-07-05Name : The remote Fedora host is missing a security update.
File : fedora_2011-8640.nasl - Type : ACT_GATHER_INFO
2011-06-27Name : The remote Fedora host is missing a security update.
File : fedora_2011-8586.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1158-1.nasl - Type : ACT_GATHER_INFO
2011-02-14Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2010-10-04Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-2720.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-2762.nasl - Type : ACT_GATHER_INFO
2010-06-15Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_4.nasl - Type : ACT_GATHER_INFO
2010-06-15Name : The remote host is missing a Mac OS X update that fixes a security issue.
File : macosx_SecUpd2010-004.nasl - Type : ACT_GATHER_INFO
2010-05-11Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0273.nasl - Type : ACT_GATHER_INFO
2010-05-11Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0329.nasl - Type : ACT_GATHER_INFO
2010-04-20Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_c8c31c4149ed11df83fb0015587e2cc1.nasl - Type : ACT_GATHER_INFO
2010-04-09Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0329.nasl - Type : ACT_GATHER_INFO
2010-03-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2023.nasl - Type : ACT_GATHER_INFO
2010-03-22Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-062.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:37:13
  • Multiple Updates