openEuler update for curl



Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2021-22925
CVE-2021-22926
CWE-ID CWE-457
CWE-295
Exploitation vector Network
Public exploit N/A
Vulnerable software
openEuler
Operating systems & Components / Operating system

curl-help
Operating systems & Components / Operating system package or component

libcurl-devel
Operating systems & Components / Operating system package or component

curl-debugsource
Operating systems & Components / Operating system package or component

libcurl
Operating systems & Components / Operating system package or component

curl-debuginfo
Operating systems & Components / Operating system package or component

curl
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use of Uninitialized Variable

EUVDB-ID: #VU55149

Risk: Medium

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22925

CWE-ID: CWE-457 - Use of Uninitialized Variable

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP2

curl-help: before 7.71.1-10

libcurl-devel: before 7.71.1-10

curl-debugsource: before 7.71.1-10

libcurl: before 7.71.1-10

curl-debuginfo: before 7.71.1-10

curl: before 7.71.1-10

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1321


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Certificate Validation

EUVDB-ID: #VU55147

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22926

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an error in the CURLOPT_SSLCERT option mixup with TLS library Secure Transport. A remote attacker can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP2

curl-help: before 7.71.1-10

libcurl-devel: before 7.71.1-10

curl-debugsource: before 7.71.1-10

libcurl: before 7.71.1-10

curl-debuginfo: before 7.71.1-10

curl: before 7.71.1-10

CPE2.3 External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1321


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###