CVE-2017-2628 – curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)
https://notcve.org/view.php?id=CVE-2017-2628
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. curl, tal y como se distribuye en Red Hat Enterprise Linux 6, en versiones anteriores a la 7.19.7-53, no realizó correctamente el backport de la solución para CVE-2015-3148 debido a que no reflejó el hecho de que la definición HAVE_GSSAPI se sustituyó mientras tanto por USE_HTTP_NEGOTIATE. Este problema se introdujo en RHEL 6.7 y solo afecta a RHEL 6 curl. It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. • http://rhn.redhat.com/errata/RHSA-2017-0847.html http://www.securityfocus.com/bid/97187 https://bugzilla.redhat.com/show_bug.cgi?id=1422464 https://access.redhat.com/security/cve/CVE-2017-2628 • CWE-287: Improper Authentication •
CVE-2017-2629
https://notcve.org/view.php?id=CVE-2017-2629
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status). curl en versiones anteriores a la 7.53.0 tiene una característica de extensión TLS Certificate Status Request que solicita una nueva prueba de la validez del certificado del servidor en el código que comprueba el éxito o el fracaso de una prueba. Acaba siempre pensando que hay pruebas válidas, incluso cuando no hay ninguna o si el servidor no soporta la extensión TLS en cuestión. • http://www.securityfocus.com/bid/96382 http://www.securitytracker.com/id/1037871 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2629 https://curl.haxx.se/docs/adv_20170222.html https://security.gentoo.org/glsa/201703-04 https://www.tenable.com/security/tns-2017-09 • CWE-295: Improper Certificate Validation •
CVE-2016-9586 – curl: printf floating point buffer overflow
https://notcve.org/view.php?id=CVE-2016-9586
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. curl, en versiones anteriores a la 7.52.0, es vulnerable a un desbordamiento de búfer cuando se realiza un envío de un gran puntero flotante en la implementación de libcurl de la función printf(). Si hay aplicaciones que acepten una cadena de formato externa sin necesitar un filtrado de entrada, podría permitir ataques remotos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95019 http://www.securitytracker.com/id/1037515 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586 https://curl.haxx.se/docs/adv_20161221A.html https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-8625 – curl: IDNA 2003 makes curl use wrong host
https://notcve.org/view.php?id=CVE-2016-8625
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. curl en versiones anteriores a la 7.51.0 emplea el estándar IDNA 2003 obsoleto para gestionar nombres de dominio internacionales, lo que podría hacer que los usuarios envíen peticiones de transferencia de red al host erróneo sin darse cuenta. • http://www.securityfocus.com/bid/94107 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625 https://curl.haxx.se/CVE-2016-8625.patch https://curl.haxx.se/docs/adv_20161102K.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c0277 • CWE-20: Improper Input Validation •
CVE-2016-9594
https://notcve.org/view.php?id=CVE-2016-9594
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable. curl, en versiones anteriores a la 7.52.1, es vulnerable a un valor aleatorio no inicializado en la función interna de libcurl que devuelve un valor aleatorio bueno de 32 bits. Tener un valor aleatorio débil o virtualmente inexistente hace que las operaciones que lo usan sean vulnerables. • http://www.securityfocus.com/bid/95094 http://www.securitytracker.com/id/1037528 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594 https://curl.haxx.se/docs/adv_20161223.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/tns-2017-04 • CWE-665: Improper Initialization •