Lucene search
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-4286.NASLHistorySep 06, 2018 - 12:00 a.m.
Debian DSA-4286-1 : curl - security update
2018-09-0600:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.012
Percentile
85.0%
Zhaoyang Wu discovered that cURL, an URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32bit systems.
See https://curl.haxx.se/docs/CVE-2018-14618.html for more information.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-4286. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(117298);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/12");
script_cve_id("CVE-2018-14618");
script_xref(name:"DSA", value:"4286");
script_name(english:"Debian DSA-4286-1 : curl - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
script_set_attribute(attribute:"description", value:
"Zhaoyang Wu discovered that cURL, an URL transfer library, contains a
buffer overflow in the NTLM authentication code triggered by passwords
that exceed 2GB in length on 32bit systems.
See https://curl.haxx.se/docs/CVE-2018-14618.html for more
information.");
script_set_attribute(attribute:"see_also", value:"https://curl.haxx.se/docs/CVE-2018-14618.html");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/curl");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/curl");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4286");
script_set_attribute(attribute:"solution", value:
"Upgrade the curl packages.
For the stable distribution (stretch), this problem has been fixed in
version 7.52.1-5+deb9u7.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14618");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2018/09/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:curl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"9.0", prefix:"curl", reference:"7.52.1-5+deb9u7")) flag++;
if (deb_check(release:"9.0", prefix:"libcurl3", reference:"7.52.1-5+deb9u7")) flag++;
if (deb_check(release:"9.0", prefix:"libcurl3-dbg", reference:"7.52.1-5+deb9u7")) flag++;
if (deb_check(release:"9.0", prefix:"libcurl3-gnutls", reference:"7.52.1-5+deb9u7")) flag++;
if (deb_check(release:"9.0", prefix:"libcurl3-nss", reference:"7.52.1-5+deb9u7")) flag++;
if (deb_check(release:"9.0", prefix:"libcurl4-doc", reference:"7.52.1-5+deb9u7")) flag++;
if (deb_check(release:"9.0", prefix:"libcurl4-gnutls-dev", reference:"7.52.1-5+deb9u7")) flag++;
if (deb_check(release:"9.0", prefix:"libcurl4-nss-dev", reference:"7.52.1-5+deb9u7")) flag++;
if (deb_check(release:"9.0", prefix:"libcurl4-openssl-dev", reference:"7.52.1-5+deb9u7")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |
| debian | debian_linux | curl | p-cpe:/a:debian:debian_linux:curl |
Related
veracode
veracode
Denial Of Service (DoS) Through Integer Overflow
2018-09-06 01:26:18
nessus
nessus
SUSE SLES11 Security Update : curl (SUSE-SU-2018:2717-1)
2018-09-17 00:00:00
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:2715-1)
2018-09-17 00:00:00
openSUSE Security Update : curl (openSUSE-2018-1010)
2018-09-17 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4286-1)
2018-09-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2717-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for curl (openSUSE-SU-2018:2731-1)
2018-10-26 00:00:00
osv
osv
curl - security update
2018-09-08 00:00:00
curl - security update
2018-09-05 00:00:00
CVE-2018-14618
2018-09-05 19:29:00
slackware
slackware
[slackware-security] curl
2018-09-06 07:45:09
suse
suse
Security update for curl (moderate)
2018-09-15 15:12:20
Security update for curl (moderate)
2018-09-15 15:15:01
debian
debian
[SECURITY] [DLA 1498-1] curl security update
2018-09-08 11:54:38
[SECURITY] [DSA 4286-1] curl security update
2018-09-05 20:13:59
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.61.1-alt1
2018-09-09 00:00:00
cloudfoundry
cloudfoundry
USN-3765-1: curl vulnerability | Cloud Foundry
2018-09-27 00:00:00
ubuntu
ubuntu
curl vulnerability
2018-09-17 00:00:00
curl vulnerability
2018-09-17 00:00:00
redhat
redhat
(RHSA-2019:1880) Low: curl security and bug fix update
2019-07-29 12:48:20
(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update
2018-11-13 08:00:33
centos
centos
curl, libcurl security update
2019-07-31 13:37:28
fedora
fedora
[SECURITY] Fedora 29 Update: curl-7.61.1-1.fc29
2018-09-21 05:43:07
[SECURITY] Fedora 28 Update: curl-7.59.0-7.fc28
2018-09-09 09:40:59
[SECURITY] Fedora 28 Update: curl-7.59.0-9.fc28
2018-11-21 03:14:20
ibm
ibm
ubuntucve
ubuntucve
CVE-2018-14618
2018-09-05 00:00:00
freebsd
freebsd
curl -- password overflow vulnerability
2018-09-05 00:00:00
alpinelinux
alpinelinux
CVE-2018-14618
2018-09-05 19:29:00
prion
prion
Integer overflow
2018-09-05 19:29:00
debiancve
debiancve
CVE-2018-14618
2018-09-05 19:29:00
cvelist
cvelist
CVE-2018-14618
2018-09-05 19:00:00
hackerone
hackerone
curl: An integer overflow found in /lib/urlapi.c
2019-04-24 12:05:35
nvd
nvd
CVE-2018-14618
2018-09-05 19:29:00
redhatcve
redhatcve
CVE-2018-14618
2018-09-05 09:19:06
cve
cve
CVE-2018-14618
2018-09-05 19:29:00
ics
ics
Siemens SINEMA Remote Connect (Update A)
2021-03-09 12:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2019-03-10 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2018-10-30 21:01:43
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0128
2019-02-13 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-1.0-0205
2019-02-04 00:00:00
Critical Photon OS Security Update - PHSA-2019-0205
2019-02-04 00:00:00
oraclelinux
oraclelinux
curl security and bug fix update
2019-07-30 00:00:00
curl security and bug fix update
2019-08-13 00:00:00
kitploit
kitploit
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.012
Percentile
85.0%
Related for DEBIAN_DSA-4286.NASL