Test ID: 1.3.6.1.4.1.25623.1.0.843328
Category: Ubuntu Local Security Checks
Title: Ubuntu Update for curl USN-3441-1
Summary: The remote host is missing an update for the 'curl' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'curl'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9586)
Even Rouault discovered that curl incorrectly handled large file names when doing TFTP transfers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000100)
Brian Carpenter and Yongji Ouyang discovered that curl incorrectly handled numerical range globbing. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents. (CVE-2017-1000101)
Max Dymond discovered that curl incorrectly handled FTP PWD responses. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service. (CVE-2017-1000254)
Brian Carpenter discovered that curl incorrectly handled the --write-out command line option. A local attacker could possibly use this issue to obtain sensitive memory contents. (CVE-2017-7407)

Affected Software/OS:
curl on Ubuntu 17.04,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-9586
BugTraq ID: 95019
http://www.securityfocus.com/bid/95019
https://security.gentoo.org/glsa/201701-47
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
RedHat Security Advisories: RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2018:3558
http://www.securitytracker.com/id/1037515
Common Vulnerability Exposure (CVE) ID: CVE-2017-7407
https://security.gentoo.org/glsa/201709-14
https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
Copyright: Copyright (C) 2017 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.