SB2018040802 - Gentoo update for cURL 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018040802

SB2018040802 - Gentoo update for cURL

Published: April 8, 2018

Security Bulletin ID SB2018040802
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2018-1000005)

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP/2 trailer to trigger an out-of-bounds memory read error and cause the application to crash or obtain potentially sensitive information from services that echo back or otherwise use the trailers.

2) Information disclosure (CVE-ID: CVE-2018-1000007)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send custom headers in an HTTP request and an HTTP 30X redirect response code, cause the application to send the custom headers to the server specified in the 'Location:' response header and  obtain potentially sensitive authentication information from applications that use custom 'Authorization:' headers.

3) Heap-based buffer overflow (CVE-ID: CVE-2018-1000120)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker that can control the paths that curl uses for FTP can create specially crafted path names containing the control characters '%00', trigger memory corruption and execute arbitrary code.



4) Null pointer dereference (CVE-ID: CVE-2018-1000121)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in ldap_get_attribute_ber(). A remote attacker can return a specially crafted redirect to an LDAP URL, trigger NULL pointer dereference and cause the service to crash.//

5) Buffer over-read (CVE-ID: CVE-2018-1000122)

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition.

The weakness exists due to buffer over-read. A remote attacker can cause the target application to trigger a buffer copy error in processing RTSP URLs and cause the application to crash or access potentially sensitive information on the target system.

Remediation

Install update from vendor's website.

References