Improper Certificate Validation in curl (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-7468 |
| CWE-ID | CWE-295 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
curl (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper Certificate Validation
EUVDB-ID: #VU33155
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7468
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.
MitigationInstall update from vendor's website.
Vulnerable software versionscurl (Alpine package): 7.52.0-r0 - 7.52.1-r2
External linkshttp://git.alpinelinux.org/aports/commit/?id=e57c1f8b95e9a6aecc75e9eaae6c7bf9e259adb6
http://git.alpinelinux.org/aports/commit/?id=7079fe21530ae1c8147925d8b591131b786ab2e9
http://git.alpinelinux.org/aports/commit/?id=8e6f31c56dbe2966fb43113f9c7c1039bbef9865
http://git.alpinelinux.org/aports/commit/?id=619d9f8608068fab555a9a54e6154eb798eb5c2c
http://git.alpinelinux.org/aports/commit/?id=02d241912508f1cd6d33a41a8b8a0117385fdbbe
http://git.alpinelinux.org/aports/commit/?id=085ece4cfcbecb4f3ff3bbd6ea2696099f7ba414
http://git.alpinelinux.org/aports/commit/?id=39696e7a1a7079578ea07cb9514fd0c50105340e
http://git.alpinelinux.org/aports/commit/?id=4bd40a7ac5ab979704fdf2142af6cbbe2a9329a4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
