Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.DEBIAN_DSA-919.NASL
HistoryOct 14, 2006 - 12:00 a.m.

Debian DSA-919-2 : curl - buffer overflow

2006-10-1400:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
9

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.7%

JSON

The upstream developer of curl, a multi-protocol file transfer library, informed us that the former correction to several off-by-one errors are not sufficient. For completeness please find the original bug description below :

Several problems were discovered in libcurl, a multi-protocol file transfer library. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2005-3185       A buffer overflow has been discovered in libcurl that       could allow the execution of arbitrary code.

- CVE-2005-4077       Stefan Esser discovered several off-by-one errors that       allows local users to trigger a buffer overflow and       cause a denial of service or bypass PHP security       restrictions via certain URLs.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-919. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22785);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2005-3185", "CVE-2005-4077");
  script_bugtraq_id(15102, 15756);
  script_xref(name:"DSA", value:"919");

  script_name(english:"Debian DSA-919-2 : curl - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The upstream developer of curl, a multi-protocol file transfer
library, informed us that the former correction to several off-by-one
errors are not sufficient. For completeness please find the original
bug description below :

  Several problems were discovered in libcurl, a multi-protocol file
  transfer library. The Common Vulnerabilities and Exposures project
  identifies the following problems :

    - CVE-2005-3185
      A buffer overflow has been discovered in libcurl that
      could allow the execution of arbitrary code.

    - CVE-2005-4077
      Stefan Esser discovered several off-by-one errors that
      allows local users to trigger a buffer overflow and
      cause a denial of service or bypass PHP security
      restrictions via certain URLs."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342339"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-919"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the libcurl packages.

For the old stable distribution (woody) these problems have been fixed
in version 7.9.5-1woody2.

For the stable distribution (sarge) these problems have been fixed in
version 7.13.2-2sarge5. This update also includes a bugfix against
data corruption."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:curl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/21");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"curl", reference:"7.9.5-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libcurl-dev", reference:"7.9.5-1woody2")) flag++;
if (deb_check(release:"3.0", prefix:"libcurl2", reference:"7.9.5-1woody2")) flag++;
if (deb_check(release:"3.1", prefix:"curl", reference:"7.13.2-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"libcurl3", reference:"7.13.2-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"libcurl3-dbg", reference:"7.13.2-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"libcurl3-dev", reference:"7.13.2-2sarge5")) flag++;
if (deb_check(release:"3.1", prefix:"libcurl3-gssapi", reference:"7.13.2-2sarge5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxcurlp-cpe:/a:debian:debian_linux:curl
debiandebian_linux3.0cpe:/o:debian:debian_linux:3.0
debiandebian_linux3.1cpe:/o:debian:debian_linux:3.1

Related

nessus 26
securityvulns 3
debian 4
osv 1
openvas 18
gentoo 3
ubuntucve 2
cvelist 2
centos 5
nvd 2
f5 2
veracode 1
redhat 3
ubuntu 2
cve 2
slackware 1
debiancve 2
freebsd 1
nessus
nessus
Fedora Core 4 : curl-7.13.1-4.fc4 (2005-1129)
2005-12-11 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : curl, wget vulnerabilities (USN-205-1)
2006-01-15 00:00:00
CentOS 3 / 4 : wget (CESA-2005:812)
2006-07-03 00:00:00
securityvulns
securityvulns
Multiple Network-related Vulnerabilities in Electric Sheep
2005-12-26 00:00:00
[ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl
2006-03-28 00:00:00
[Full-disclosure] iDEFENSE Security Advisory 10.13.05: Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability
2005-10-13 00:00:00
debian
debian
[SECURITY] [DSA 919-1] New curl packages fix potential security problem
2005-12-12 13:03:48
[SECURITY] [DSA 919-1] New curl packages fix potential security problem
2005-12-12 13:03:48
[SECURITY] [DSA 919-2] New curl packages fix potential security problem
2006-03-10 10:04:53
osv
osv
curl - buffer overflow
2005-12-12 00:00:00
openvas
openvas
Debian Security Advisory DSA 919-1 (curl)
2008-01-17 00:00:00
Debian Security Advisory DSA 919-1 (curl)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-919-2)
2008-01-17 00:00:00
gentoo
gentoo
cURL: NTLM username stack overflow
2005-10-22 00:00:00
cURL: Off-by-one errors in URL handling
2005-12-16 00:00:00
OpenOffice.org: Heap overflow in included libcurl
2006-03-27 00:00:00
ubuntucve
ubuntucve
CVE-2005-3185
2005-10-13 00:00:00
CVE-2005-4077
2005-12-08 00:00:00
cvelist
cvelist
CVE-2005-3185
2005-10-13 04:00:00
CVE-2005-4077
2005-12-08 01:00:00
centos
centos
wget security update
2005-11-02 17:08:39
curl security update
2005-12-21 02:50:35
wget security update
2005-11-03 05:22:50
nvd
nvd
CVE-2005-3185
2005-10-13 22:02:00
CVE-2005-4077
2005-12-08 01:03:00
f5
f5
SOL5868 - Buffer overflow vulnerability in cURL - CVE-2005-4077
2007-05-16 00:00:00
K5868 : Buffer overflow vulnerability in cURL - CVE-2005-4077
2013-03-27 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:10:48
redhat
redhat
(RHSA-2005:812) wget security update
2005-11-02 00:00:00
(RHSA-2005:807) curl security update
2005-11-02 00:00:00
(RHSA-2005:875) curl security update
2005-12-20 00:00:00
ubuntu
ubuntu
Curl and wget vulnerabilities
2005-10-14 00:00:00
curl library vulnerability
2005-12-13 00:00:00
cve
cve
CVE-2005-3185
2005-10-13 22:02:00
CVE-2005-4077
2005-12-08 01:03:00
slackware
slackware
curl/wget
2005-11-06 13:02:36
debiancve
debiancve
CVE-2005-4077
2005-12-08 01:03:00
CVE-2005-3185
2005-10-13 22:02:00
freebsd
freebsd
curl -- URL buffer overflow vulnerability
2005-12-07 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.7%

JSON
Related for DEBIAN_DSA-919.NASL
nessus26securityvulns3debian4osv1openvas18gentoo3ubuntucve2cvelist2centos5nvd2f52veracode1redhat3ubuntu2cve2slackware1debiancve2freebsd1