Test ID:	1.3.6.1.4.1.25623.1.0.880682
Category:	CentOS Local Security Checks
Title:	CentOS Update for curl CESA-2009:1209 centos5 i386
Summary:	The remote host is missing an update for the 'curl'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the referenced advisory. Vulnerability Insight: cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Scott Cantor reported that cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. (CVE-2009-2417) cURL users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications using libcurl must be restarted for the update to take effect. Affected Software/OS: curl on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2417 20090824 rPSA-2009-0124-1 curl http://www.securityfocus.com/archive/1/506055/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 36032 http://www.securityfocus.com/bid/36032 36238 http://secunia.com/advisories/36238 36475 http://secunia.com/advisories/36475 37471 http://secunia.com/advisories/37471 45047 http://secunia.com/advisories/45047 ADV-2009-2263 http://www.vupen.com/english/advisories/2009/2263 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html USN-1158-1 http://www.ubuntu.com/usn/USN-1158-1 curl-certificate-security-bypass(52405) https://exchange.xforce.ibmcloud.com/vulnerabilities/52405 http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch http://curl.haxx.se/docs/adv_20090812.txt http://shibboleth.internet2.edu/secadv/secadv_20090817.txt http://support.apple.com/kb/HT4077 http://wiki.rpath.com/Advisories:rPSA-2009-0124 http://www.vmware.com/security/advisories/VMSA-2009-0016.html oval:org.mitre.oval:def:10114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114 oval:org.mitre.oval:def:8542 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.