Test ID:	1.3.6.1.4.1.25623.1.1.2.2019.1021
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1021)
Summary:	The remote host is missing an update for the Huawei EulerOS 'curl' package(s) announced via the EulerOS-SA-2019-1021 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'curl' package(s) announced via the EulerOS-SA-2019-1021 advisory. Vulnerability Insight: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes).(CVE-2018-14618) Affected Software/OS: 'curl' package(s) on Huawei EulerOS V2.0SP5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-14618 Debian Security Information: DSA-4286 (Google Search) https://www.debian.org/security/2018/dsa-4286 https://security.gentoo.org/glsa/201903-03 RedHat Security Advisories: RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558 RedHat Security Advisories: RHSA-2019:1880 https://access.redhat.com/errata/RHSA-2019:1880 http://www.securitytracker.com/id/1041605 https://usn.ubuntu.com/3765-1/ https://usn.ubuntu.com/3765-2/
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.