Test ID: | 1.3.6.1.4.1.25623.1.0.120531 |
Category: | Amazon Linux Local Security Checks |
Title: | Amazon Linux: Security Advisory (ALAS-2015-514) |
Summary: | The remote host is missing an update for the 'curl' package(s) announced via the ALAS-2015-514 advisory. |
Description: |
Summary: The remote host is missing an update for the 'curl' package(s) announced via the ALAS-2015-514 advisory.

Vulnerability Insight:

It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM-authenticated user. (CVE-2015-3143)

It was discovered that libcurl could incorrectly reuse Negotiate-authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate-authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be reused with the initial set of credentials instead of the new ones. (CVE-2015-3148)

It was discovered that libcurl did not properly process cookies with a specially crafted 'path' element. If an application using libcurl connected to a malicious HTTP server sending specially crafted 'Set-Cookie' headers, this could lead to an out-of-bounds read, and possibly cause that application to crash. (CVE-2015-3145)

It was discovered that libcurl did not properly process zero-length host names. If an attacker could trick an application using libcurl into processing zero-length host names, this could lead to an out-of-bounds read, and possibly cause that application to crash. (CVE-2015-3144)

Affected Software/OS: 'curl' package(s) on Amazon Linux.

Solution: Please install the updated package(s).

CVSS Score: 9.0
CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-3143
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 74299
http://www.securityfocus.com/bid/74299
Debian Security Information: DSA-3232
http://www.debian.org/security/2015/dsa-3232
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html
https://security.gentoo.org/glsa/201509-02
HPdes Security Advisory: HPSBHF03544
http://marc.info/?l=bugtraq&m=145612005512270&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:219
http://www.mandriva.com/security/advisories?name=MDVSA-2015:220
RedHat Security Advisories: RHSA-2015:1254
http://rhn.redhat.com/errata/RHSA-2015-1254.html
http://www.securitytracker.com/id/1032232
SuSE Security Announcement: openSUSE-SU-2015:0799
http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html
http://www.ubuntu.com/usn/USN-2591-1

Common Vulnerability Exposure (CVE) ID: CVE-2015-3144
BugTraq ID: 74300
http://www.securityfocus.com/bid/74300

Common Vulnerability Exposure (CVE) ID: CVE-2015-3145
BugTraq ID: 74303
http://www.securityfocus.com/bid/74303

Common Vulnerability Exposure (CVE) ID: CVE-2015-3148
BugTraq ID: 74301
http://www.securityfocus.com/bid/74301 |
Copyright | Copyright (C) 2015 Greenbone AG |