7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.013 Low
EPSS
Percentile
86.0%
This build resolves the following issues :
CVE-2016-8615 : Cookie injection for other servers
CVE-2016-8616 : Case insensitive password comparison
CVE-2016-8617 : Out-of-bounds write via unchecked multiplication
CVE-2016-8618 : Double-free in curl_maprintf
CVE-2016-8619 : Double-free in krb5 code
CVE-2016-8620 : Glob parser write/read out of bounds
CVE-2016-8621 : curl_getdate out-of-bounds read
CVE-2016-8622 : URL unescape heap overflow via integer truncation
CVE-2016-8623 : Use-after-free via shared cookies
CVE-2016-8624 : Invalid URL parsing with ‘#’
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2016-766.
#
include("compat.inc");
if (description)
{
script_id(94686);
script_version("2.3");
script_cvs_date("Date: 2018/10/01 10:24:12");
script_cve_id("CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624");
script_xref(name:"ALAS", value:"2016-766");
script_name(english:"Amazon Linux AMI : curl (ALAS-2016-766)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This build resolves the following issues :
CVE-2016-8615 : Cookie injection for other servers
CVE-2016-8616 : Case insensitive password comparison
CVE-2016-8617 : Out-of-bounds write via unchecked multiplication
CVE-2016-8618 : Double-free in curl_maprintf
CVE-2016-8619 : Double-free in krb5 code
CVE-2016-8620 : Glob parser write/read out of bounds
CVE-2016-8621 : curl_getdate out-of-bounds read
CVE-2016-8622 : URL unescape heap overflow via integer truncation
CVE-2016-8623 : Use-after-free via shared cookies
CVE-2016-8624 : Invalid URL parsing with '#'"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2016-766.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update curl' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:curl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libcurl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libcurl-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"curl-7.47.1-9.66.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"curl-debuginfo-7.47.1-9.66.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libcurl-7.47.1-9.66.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libcurl-devel-7.47.1-9.66.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / curl-debuginfo / libcurl / libcurl-devel");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624
alas.aws.amazon.com/ALAS-2016-766.html
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.013 Low
EPSS
Percentile
86.0%