Amazon Linux AMI update for curl
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-22876 CVE-2021-22898 |
| CWE-ID | CWE-200 CWE-457 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU51821
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-22876
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to libcurl does not strip off user credentials from the URL when automatically populating the Referer:
HTTP request header field in outgoing HTTP requests and therefore
risks leaking sensitive data to the server that is the target of the
second HTTP request.
Update the affected packages:
i686:Vulnerable software versions
curl-debuginfo-7.61.1-12.98.amzn1.i686
libcurl-devel-7.61.1-12.98.amzn1.i686
curl-7.61.1-12.98.amzn1.i686
libcurl-7.61.1-12.98.amzn1.i686
src:
curl-7.61.1-12.98.amzn1.src
x86_64:
curl-debuginfo-7.61.1-12.98.amzn1.x86_64
libcurl-7.61.1-12.98.amzn1.x86_64
libcurl-devel-7.61.1-12.98.amzn1.x86_64
curl-7.61.1-12.98.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2021-1509.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of uninitialized variable
EUVDB-ID: #VU53587
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-22898
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.
Proof of concept:
curl telnet://example.com -tNEW_ENV=a,bbbbbb (256 'b's)Update the affected packages:
i686:Vulnerable software versions
curl-debuginfo-7.61.1-12.98.amzn1.i686
libcurl-devel-7.61.1-12.98.amzn1.i686
curl-7.61.1-12.98.amzn1.i686
libcurl-7.61.1-12.98.amzn1.i686
src:
curl-7.61.1-12.98.amzn1.src
x86_64:
curl-debuginfo-7.61.1-12.98.amzn1.x86_64
libcurl-7.61.1-12.98.amzn1.x86_64
libcurl-devel-7.61.1-12.98.amzn1.x86_64
curl-7.61.1-12.98.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2021-1509.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
