This update for curl fixes the following issues :

Security issue fixed :

  - CVE-2018-0500: Fix a SMTP send heap buffer overflow     (bsc#1099793).

This update was imported from the SUSE:SLE-15:Update update project.

New curl packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix a security issue.

Peter Wu reports :

curl might overflow a heap based memory buffer when sending data over SMTP and using a reduced read buffer.

A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.(CVE-2018-0500)

- fix heap buffer overflow in SMTP send (CVE-2018-0500)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the curl package has been released.

This update for curl fixes the following issues: Security issue fixed :

  - CVE-2018-0500: Fix a SMTP send heap buffer overflow     (bsc#1099793).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities:

  - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is     enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary     requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3)     execute arbitrary commands via a redirect to an scp: URL. (CVE-2009-0037)

  - The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl     and other products, always performs credential delegation during GSSAPI authentication, which allows     remote servers to impersonate clients via GSSAPI requests. (CVE-2011-2192)

  - curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a     pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as     demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. (CVE-2012-0036)

  - Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl     and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote     attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in     the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. (CVE-2013-0249)

  - The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path     domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the     domain of a URL. (CVE-2013-1944)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

set_file_metadata in xattr.c in GNU Wget stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.(CVE-2018-20483)

A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.(CVE-2018-0500)

The remote host is affected by the vulnerability described in GLSA-201807-04 (cURL: Heap-based buffer overflow)

    A heap-based buffer overflow was discovered in cURL&rsquo;s       Curl_smtp_escape_eob() function.
  Impact :

    An attacker could cause a Denial of Service condition or execute       arbitrary code via SMTP connections.
  Workaround :

    There is no known workaround at this time.

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3710-1 advisory.

    Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this     issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
123275	openSUSE Security Update : curl (openSUSE-2019-633)	Nessus	SuSE Local Security Checks	3/27/2019	6/11/2024	critical
111036	Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-192-02)	Nessus	Slackware Local Security Checks	7/12/2018	9/5/2024	critical
111405	FreeBSD : curl -- SMTP send heap buffer overflow (3849e28f-8693-11e8-9610-9c5c8e75236a)	Nessus	FreeBSD Local Security Checks	7/30/2018	9/2/2024	critical
112007	openSUSE Security Update : curl (openSUSE-2018-908)	Nessus	SuSE Local Security Checks	8/20/2018	8/15/2024	critical
111606	Amazon Linux 2 : curl (ALAS-2018-1052)	Nessus	Amazon Linux Local Security Checks	8/10/2018	8/23/2024	critical
120440	Fedora 28 : curl (2018-57779d51c1)	Nessus	Fedora Local Security Checks	1/3/2019	7/5/2024	critical
121995	Photon OS 2.0: Curl PHSA-2018-2.0-0096	Nessus	PhotonOS Local Security Checks	2/7/2019	7/22/2024	critical
120084	SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2018:2423-1)	Nessus	SuSE Local Security Checks	1/2/2019	7/10/2024	critical
206854	NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2024-0050)	Nessus	NewStart CGSL Local Security Checks	9/10/2024	9/10/2024	critical
122035	Amazon Linux AMI : curl (ALAS-2019-1151)	Nessus	Amazon Linux Local Security Checks	2/8/2019	6/21/2024	critical
111412	GLSA-201807-04 : cURL: Heap-based buffer overflow	Nessus	Gentoo Local Security Checks	7/30/2018	9/2/2024	critical
121889	Photon OS 1.0: Curl PHSA-2018-1.0-0186	Nessus	PhotonOS Local Security Checks	2/7/2019	6/21/2024	critical
111038	Ubuntu 18.04 LTS : curl vulnerability (USN-3710-1)	Nessus	Ubuntu Local Security Checks	7/12/2018	8/27/2024	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical