Arch Linux update for libcurl-compat



Published: 2017-10-06
Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2017-1000099
CVE-2017-1000100
CVE-2017-1000254
CWE-ID CWE-125
CWE-601
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Arch Linux
Operating systems & Components / Operating system

Vendor Arch Linux

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU7882

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1000099

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to out-of bounds read. A local attacker can load a specially crafted 'file://' URL to cause the curl application to return data from system memory.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update the affected package libcurl-compat to version 7.56.0-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201710-7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Open redirect

EUVDB-ID: #VU7884

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1000100

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect website visitors to external websites.

The weakness exists due to incorrect validation of redirected URL. A remote attacker can redirect the target user's curl request to a TFTP URL with a long filename to cause the target user's curl application to send portions of system memory.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update the affected package libcurl-compat to version 7.56.0-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201710-7


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU8702

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1000254

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when parsing a directory name when connecting to an FTP server. A remote attacker can trigger memory corruption, access arbitrary files and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected package libcurl-compat to version 7.56.0-1.

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201710-7


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###