Rapid7 Vulnerability & Exploit Database

RHSA-2015:2159: curl security, bug fix, and enhancement update

Back to Search

RHSA-2015:2159: curl security, bug fix, and enhancement update

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
04/24/2015
Created
07/25/2018
Added
11/20/2015
Modified
07/04/2017

Description

The curl packages provide the libcurl library and the curl utility fordownloading files from servers using various protocols, including HTTP,FTP, and LDAP.It was found that the libcurl library did not correctly handle partialliteral IP addresses when parsing received HTTP cookies. An attacker ableto trick a user into connecting to a malicious server could use this flawto set the user's cookie to a crafted domain, making other cookie-relatedissues easier to exploit. (CVE-2014-3613)A flaw was found in the way the libcurl library performed the duplicationof connection handles. If an application set the CURLOPT_COPYPOSTFIELDSoption for a handle, using the handle's duplicate could cause theapplication to crash or disclose a portion of its memory. (CVE-2014-3707)It was discovered that the libcurl library failed to properly handle URLswith embedded end-of-line characters. An attacker able to make anapplication using libcurl access a specially crafted URL via an HTTP proxycould use this flaw to inject additional headers to the request orconstruct additional requests. (CVE-2014-8150)It was discovered that libcurl implemented aspects of the NTLM andNegotatiate authentication incorrectly. If an application uses libcurland the affected mechanisms in a specifc way, certain requests to apreviously NTLM-authenticated server could appears as sent by the wrongauthenticated user. Additionally, the initial set of credentials for HTTPNegotiate-authenticated requests could be reused in subsequent requests,although a different set of credentials was specified. (CVE-2015-3143,CVE-2015-3148)Red Hat would like to thank the cURL project for reporting these issues.Bug fixes:Enhancements:All curl users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues and add theseenhancements.

Solution(s)

  • redhat-upgrade-curl
  • redhat-upgrade-curl-debuginfo
  • redhat-upgrade-libcurl
  • redhat-upgrade-libcurl-devel

References

  • redhat-upgrade-curl
  • redhat-upgrade-curl-debuginfo
  • redhat-upgrade-libcurl
  • redhat-upgrade-libcurl-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;