Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70715
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2398-1 (curl)
Summary:The remote host is missing an update to curl;announced via advisory DSA 2398-1.
Description:Summary:
The remote host is missing an update to curl
announced via advisory DSA 2398-1.

Vulnerability Insight:
Several vulnerabilities have been discovered in Curl, an URL transfer
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2011-3389

This update enables OpenSSL workarounds against the BEAST attack.

CVE-2012-0036

Dan Fandrich discovered that Curl performs insufficient sanitising
when extracting the file path part of an URL.

For the oldstable distribution (lenny), this problem has been fixed in
version 7.18.2-8lenny6.

For the stable distribution (squeeze), this problem has been fixed in
version 7.21.0-2.1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 7.24.0-1.

Solution:
We recommend that you upgrade your curl packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3389
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 49388
http://www.securityfocus.com/bid/49388
BugTraq ID: 49778
http://www.securityfocus.com/bid/49778
Cert/CC Advisory: TA12-010A
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
CERT/CC vulnerability note: VU#864643
http://www.kb.cert.org/vuls/id/864643
Debian Security Information: DSA-2398 (Google Search)
http://www.debian.org/security/2012/dsa-2398
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02742
http://marc.info/?l=bugtraq&m=132872385320240&w=2
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: HPSBUX02730
http://marc.info/?l=bugtraq&m=132750579901589&w=2
HPdes Security Advisory: HPSBUX02760
http://marc.info/?l=bugtraq&m=133365109612558&w=2
HPdes Security Advisory: HPSBUX02777
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: SSRT100710
HPdes Security Advisory: SSRT100740
HPdes Security Advisory: SSRT100805
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.insecure.cl/Beast-SSL.rar
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Microsoft Security Bulletin: MS12-006
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
http://osvdb.org/74829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
RedHat Security Advisories: RHSA-2012:0508
http://rhn.redhat.com/errata/RHSA-2012-0508.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.securitytracker.com/id/1029190
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search)
https://hermes.opensuse.org/messages/13154861
SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search)
https://hermes.opensuse.org/messages/13155432
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.ubuntu.com/usn/USN-1263-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0036
BugTraq ID: 51665
http://www.securityfocus.com/bid/51665
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: SSRT100877
http://www.securitytracker.com/id/1032924
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.