Detections
Analytics

Amazon Linux 2 : curl (ALAS-2022-1875)

critical Nessus Plugin ID 167236

Language:

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of curl installed on the remote host is prior to 7.79.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1875 advisory.

 A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor. (CVE-2022-32205)

 A vulnerability was found in curl. This issue occurs because the number of acceptable links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a malicious actor.
 (CVE-2022-32206)

 A vulnerability was found in curl. This issue occurs because when curl saves cookies, alt-svc, and HSTS data to local files, it makes the operation atomic by finalizing the process with a rename from a temporary name to the final target file name. This flaw leads to unpreserved file permissions, either by mistake or by a malicious actor. (CVE-2022-32207)

 A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client. (CVE-2022-32208)

 A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a sister site to deny service to siblings and cause a denial of service attack. (CVE-2022-35252)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update curl' to update your system.

See Also

https://alas.aws.amazon.com/AL2/ALAS-2022-1875.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32205.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32206.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32207.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32208.html

https://alas.aws.amazon.com/cve/html/CVE-2022-35252.html

Plugin Details

Severity: Critical

ID: 167236

File Name: al2_ALAS-2022-1875.nasl

Version: 1.5

Type: local

Agent: unix

Published: 11/9/2022

Updated: 12/11/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-32207

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:libcurl, p-cpe:/a:amazon:linux:libcurl-devel, p-cpe:/a:amazon:linux:curl-debuginfo, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:curl

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/31/2022

Vulnerability Publication Date: 6/27/2022

Reference Information

CVE: CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252

IAVA: 2022-A-0255-S, 2022-A-0350-S