 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.704136 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-4136-1) |
| Summary: | The remote host is missing an update for the Debian 'curl' package(s) announced via the DSA-4136-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'curl' package(s) announced via the DSA-4136-1 advisory. Vulnerability Insight: Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of the URL contains a '%00' sequence. CVE-2018-1000121 Dario Weisser discovered that curl might dereference a near-NULL address when getting an LDAP URL due to the ldap_get_attribute_ber() function returning LDAP_SUCCESS and a NULL pointer. A malicious server might cause libcurl-using applications that allow LDAP URLs, or that allow redirects to LDAP URLs to crash. CVE-2018-1000122 OSS-fuzz, assisted by Max Dymond, discovered that curl could be tricked into copying data beyond the end of its heap based buffer when asked to transfer an RTSP URL. For the oldstable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u10. For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u5. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'curl' package(s) on Debian 8, Debian 9. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000120 BugTraq ID: 103414 http://www.securityfocus.com/bid/103414 Debian Security Information: DSA-4136 (Google Search) https://www.debian.org/security/2018/dsa-4136 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html RedHat Security Advisories: RHBA-2019:0327 https://access.redhat.com/errata/RHBA-2019:0327 RedHat Security Advisories: RHSA-2018:3157 https://access.redhat.com/errata/RHSA-2018:3157 RedHat Security Advisories: RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558 RedHat Security Advisories: RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2019:1543 RedHat Security Advisories: RHSA-2020:0544 https://access.redhat.com/errata/RHSA-2020:0544 RedHat Security Advisories: RHSA-2020:0594 https://access.redhat.com/errata/RHSA-2020:0594 http://www.securitytracker.com/id/1040531 https://usn.ubuntu.com/3598-1/ https://usn.ubuntu.com/3598-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-1000121 BugTraq ID: 103415 http://www.securityfocus.com/bid/103415 http://www.securitytracker.com/id/1040529 Common Vulnerability Exposure (CVE) ID: CVE-2018-1000122 BugTraq ID: 103436 http://www.securityfocus.com/bid/103436 http://www.securitytracker.com/id/1040530 |
| Copyright | Copyright (C) 2018 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |