4.6 - USN-228-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	curl library vulnerability

Informations
Name	USN-228-1	First vendor Publication	2005-12-12
Vendor	Ubuntu	Last vendor Modification	2005-12-12
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.6	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libcurl2 libcurl3

The problem can be corrected by upgrading the affected package to version 7.12.0.is.7.11.2-1ubuntu0.3 (for Ubuntu 4.10), 7.12.3-2ubuntu3.5 (libcurl3 for Ubuntu 5.04), 1:7.11.2-12ubuntu3.3 (libcurl2 for Ubuntu 5.04), or 7.14.0-2ubuntu1.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Stefan Esser discovered several buffer overflows in the handling of URLs. By attempting to load an URL with a specially crafted invalid hostname, a local attacker could exploit this to execute arbitrary code with the privileges of the application that uses the cURL library.

It is not possible to trick cURL into loading a malicious URL with an HTTP redirect, so this vulnerability was usually not exploitable remotely. However, it could be exploited locally to e. g. circumvent PHP security restrictions.

Original Source

Url : http://www.ubuntu.com/usn/USN-228-1

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-189	Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10855

Oval ID:	oval:org.mitre.oval:def:10855
Title:	Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
Description:	Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-4077	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section curl-devel is earlier than 0:7.12.1-8.rhel4 AND curl is earlier than 0:7.12.1-8.rhel4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Daniel Stenberg Curl cpe:2.3:a:daniel_stenberg:curl:7.15:::::::* cpe:2.3:a:daniel_stenberg:curl:7.14.1:::::::* cpe:2.3:a:daniel_stenberg:curl:7.14:::::::* cpe:2.3:a:daniel_stenberg:curl:7.13.2:::::::* cpe:2.3:a:daniel_stenberg:curl:7.13.1:::::::* cpe:2.3:a:daniel_stenberg:curl:7.13:::::::* cpe:2.3:a:daniel_stenberg:curl:7.12.3:::::::* cpe:2.3:a:daniel_stenberg:curl:7.12.2:::::::* cpe:2.3:a:daniel_stenberg:curl:7.12.1:::::::* cpe:2.3:a:daniel_stenberg:curl:7.12:::::::* cpe:2.3:a:daniel_stenberg:curl:7.11.2:::::::*	11

OpenVAS Exploits

Date	Description
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200512-09 (cURL) File : nvt/glsa_200512_09.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200603-25 (openoffice openoffice-bin) File : nvt/glsa_200603_25.nasl
2008-09-04	Name : FreeBSD Ports: curl File : nvt/freebsd_curl0.nasl
2008-01-17	Name : Debian Security Advisory DSA 919-1 (curl) File : nvt/deb_919_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 919-2 (curl) File : nvt/deb_919_2.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
21509	cURL/libcURL Crafted URL Parsing Overflow

Nessus® Vulnerability Scanner

Date	Description
2008-03-19	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-919.nasl - Type : ACT_GATHER_INFO
2006-07-05	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-875.nasl - Type : ACT_GATHER_INFO
2006-05-13	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_9b4facec676111da99f600123ffe8333.nasl - Type : ACT_GATHER_INFO
2006-05-12	Name : The remote operating system is missing a vendor-supplied patch. File : macosx_SecUpd2006-003.nasl - Type : ACT_GATHER_INFO
2006-03-28	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200603-25.nasl - Type : ACT_GATHER_INFO
2006-01-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-228-1.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-224.nasl - Type : ACT_GATHER_INFO
2005-12-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-875.nasl - Type : ACT_GATHER_INFO
2005-12-20	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200512-09.nasl - Type : ACT_GATHER_INFO
2005-12-15	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1136.nasl - Type : ACT_GATHER_INFO
2005-12-15	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1137.nasl - Type : ACT_GATHER_INFO
2005-12-11	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1129.nasl - Type : ACT_GATHER_INFO
2005-12-11	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1130.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:03:11	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	11
osvdb(s)	1
Openvas Exploit(s)	6
Nessus® Exploit(s)	14

	Related
4.6	CVE-2005-4077
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)