Executive Summary

Summary
Title curl vulnerability
Informations
Name USN-2882-1 First vendor Publication 2016-01-27
Vendor Ubuntu Last vendor Modification 2016-01-27
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

curl would incorrectly re-use credentials.

Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Isaac Boukris discovered that curl could incorrectly re-use NTLM proxy credentials when subsequently connecting to the same host.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
libcurl3 7.43.0-1ubuntu2.1
libcurl3-gnutls 7.43.0-1ubuntu2.1
libcurl3-nss 7.43.0-1ubuntu2.1

Ubuntu 15.04:
libcurl3 7.38.0-3ubuntu2.3
libcurl3-gnutls 7.38.0-3ubuntu2.3
libcurl3-nss 7.38.0-3ubuntu2.3

Ubuntu 14.04 LTS:
libcurl3 7.35.0-1ubuntu2.6
libcurl3-gnutls 7.35.0-1ubuntu2.6
libcurl3-nss 7.35.0-1ubuntu2.6

Ubuntu 12.04 LTS:
libcurl3 7.22.0-3ubuntu4.15
libcurl3-gnutls 7.22.0-3ubuntu4.15
libcurl3-nss 7.22.0-3ubuntu4.15

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2882-1
CVE-2016-0755

Package Information:
https://launchpad.net/ubuntu/+source/curl/7.43.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.3
https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.6
https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.15

Original Source

Url : http://www.ubuntu.com/usn/USN-2882-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 124
Os 4
Os 1

Nessus® Vulnerability Scanner

Date Description
2017-01-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-47.nasl - Type : ACT_GATHER_INFO
2016-09-23 Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_12.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2016-3fa315a5dd.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2016-55137a3adb.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2016-57bebab3b6.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2016-5a141de5d9.nasl - Type : ACT_GATHER_INFO
2016-02-10 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-652.nasl - Type : ACT_GATHER_INFO
2016-02-09 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2016-039-01.nasl - Type : ACT_GATHER_INFO
2016-02-09 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-170.nasl - Type : ACT_GATHER_INFO
2016-02-08 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-152.nasl - Type : ACT_GATHER_INFO
2016-02-08 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-153.nasl - Type : ACT_GATHER_INFO
2016-02-08 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0340-1.nasl - Type : ACT_GATHER_INFO
2016-02-08 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0347-1.nasl - Type : ACT_GATHER_INFO
2016-01-29 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_8b27f1bcc50911e5a95fb499baebfeaf.nasl - Type : ACT_GATHER_INFO
2016-01-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3455.nasl - Type : ACT_GATHER_INFO
2016-01-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2882-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2016-02-19 21:29:01
  • Multiple Updates
2016-02-17 21:30:40
  • Multiple Updates
2016-01-30 00:26:50
  • Multiple Updates
2016-01-29 13:26:20
  • Multiple Updates
2016-01-27 21:28:18
  • Multiple Updates
2016-01-27 21:23:32
  • First insertion