Lucene search
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_4_CURL-120124.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)
2014-06-1300:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
83.0%
The following vulnerabilities have been fixed in curl :
-
IMAP, POP3 and SMTP URL sanitization vulnerability (CVE-2012-0036)
-
disable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (CVE-2011-3389)
-
disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option for older openssl versions (CVE-2010-4180)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update curl-5702.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75806);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id("CVE-2010-4180", "CVE-2011-3389", "CVE-2012-0036");
script_xref(name:"CEA-ID", value:"CEA-2019-0547");
script_name(english:"openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The following vulnerabilities have been fixed in curl :
- IMAP, POP3 and SMTP URL sanitization vulnerability
(CVE-2012-0036)
- disable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
(CVE-2011-3389)
- disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option
for older openssl versions (CVE-2010-4180)");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=740452");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=742306");
script_set_attribute(attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-02/msg00032.html");
script_set_attribute(attribute:"solution", value:
"Update the affected curl packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:curl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.4", reference:"curl-7.21.2-10.11.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"curl-debuginfo-7.21.2-10.11.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libcurl-devel-7.21.2-10.11.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libcurl4-7.21.2-10.11.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libcurl4-debuginfo-7.21.2-10.11.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libcurl4-32bit-7.21.2-10.11.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libcurl4-debuginfo-32bit-7.21.2-10.11.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "curl / libcurl-devel / libcurl4 / libcurl4-32bit / curl-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | curl | p-cpe:/a:novell:opensuse:curl |
| novell | opensuse | curl-debuginfo | p-cpe:/a:novell:opensuse:curl-debuginfo |
| novell | opensuse | libcurl-devel | p-cpe:/a:novell:opensuse:libcurl-devel |
| novell | opensuse | libcurl4 | p-cpe:/a:novell:opensuse:libcurl4 |
| novell | opensuse | libcurl4-32bit | p-cpe:/a:novell:opensuse:libcurl4-32bit |
| novell | opensuse | libcurl4-debuginfo | p-cpe:/a:novell:opensuse:libcurl4-debuginfo |
| novell | opensuse | libcurl4-debuginfo-32bit | p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit |
| novell | opensuse | 11.4 | cpe:/o:novell:opensuse:11.4 |
References
Related
nessus
nessus
openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)
2014-06-13 00:00:00
Debian DSA-2398-2 : curl - several vulnerabilities (BEAST)
2012-01-31 00:00:00
Mandriva Linux Security Advisory : curl (MDVSA-2012:058)
2012-04-16 00:00:00
debian
debian
[SECURITY] [DSA 2398-1] curl security update
2012-01-30 19:49:07
[SECURITY] [DSA 2398-2] curl regression
2012-03-31 19:38:57
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
2011-01-05 23:18:09
openvas
openvas
Mandriva Update for curl MDVSA-2012:058 (curl)
2012-08-03 00:00:00
Mandriva Update for curl MDVSA-2012:058 (curl)
2012-08-03 00:00:00
Debian Security Advisory DSA 2398-1 (curl)
2012-02-12 00:00:00
osv
osv
curl - several
2012-03-31 00:00:00
nss - protocol design flaw
2011-01-06 00:00:00
openssl - protocol design flaw
2011-01-06 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2012-03-06 00:00:00
securityvulns
securityvulns
[USN-1346-1] curl vulnerability
2012-02-08 00:00:00
curl data injection
2012-02-08 00:00:00
ubuntu
ubuntu
curl vulnerability
2012-01-24 00:00:00
OpenSSL vulnerabilities
2010-12-08 00:00:00
debiancve
debiancve
cve
cve
ubuntucve
ubuntucve
nvd
nvd
prion
prion
Crlf injection
2012-04-13 20:55:00
Session fixation
2010-12-06 21:05:00
Session fixation
2011-09-06 19:55:00
cvelist
cvelist
fedora
fedora
[SECURITY] Fedora 16 Update: curl-7.21.7-6.fc16
2012-01-28 03:31:08
[SECURITY] Fedora 16 Update: xulrunner-9.0-2.fc16
2011-12-23 03:31:27
[SECURITY] Fedora 16 Update: nss-softokn-3.13.1-14.fc16
2011-12-23 03:31:27
altlinux
altlinux
Security fix for the ALT Linux 6 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0c-alt1
2011-02-01 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.0c-alt1
2011-02-01 00:00:00
redhat
redhat
(RHSA-2010:0979) Moderate: openssl security update
2010-12-13 00:00:00
(RHSA-2010:0978) Moderate: openssl security update
2010-12-13 00:00:00
f5
f5
K12543 : OpenSSL vulnerability CVE-2010-4180
2013-07-05 00:00:00
SOL12543 - OpenSSL vulnerability CVE-2010-4180
2011-01-26 00:00:00
K12853 : OpenSSL vulnerability CVE-2008-7270
2013-09-04 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2010-4180
2010-12-02 00:00:00
veracode
veracode
Insecure TLS Configuration
2020-04-10 00:56:26
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
Blockwise Chosen-boundary Attacks
2017-04-27 06:38:37
mskb
mskb
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
checkpoint_advisories
checkpoint_advisories
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
ibm
ibm
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
rubygems
rubygems
oraclelinux
oraclelinux
openssl security update
2010-12-13 00:00:00
openssl security update
2011-02-10 00:00:00
slackware
slackware
[slackware-security] openssl
2010-12-07 07:14:58
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
83.0%
Related for SUSE_11_4_CURL-120124.NASL