Family: Ubuntu Local Security Checks --> Category: infos
USN86-1 : curl vulnerability Vulnerability Scan
Vulnerability Scan Summary curl vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- curl
- libcurl2
- libcurl2-dbg
- libcurl2-dev
- libcurl2-gssapi
Description :
infamous41md discovered a buffer overflow in cURL's NT LAN Manager
(NTLM) authentication handling. By sending a specially crafted long
NTLM reply packet, a remote attacker could overflow the reply buffer.
This could lead to execution of arbitrary attacker-specified code with
the rights of the application using the cURL library.
Solution :
Upgrade to :
- curl-7.12.0.is.7.11.2-1ubuntu0.1 (Ubuntu 4.10)
- libcurl2-7.12.0.is.7.11.2-1ubuntu0.1 (Ubuntu 4.10)
- libcurl2-dbg-7.12.0.is.7.11.2-1ubuntu0.1 (Ubuntu 4.10)
- libcurl2-dev-7.12.0.is.7.11.2-1ubuntu0.1 (Ubuntu 4.10)
- libcurl2-gssapi-7.12.0.is.7.11.2-1ubuntu0.1 (Ubuntu 4.10)
Threat Level: High