Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.881754
Kategorie:CentOS Local Security Checks
Titel:CentOS Update for curl CESA-2013:0983 centos5
Zusammenfassung:The remote host is missing an update for the 'curl'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'curl'
package(s) announced via the referenced advisory.

Vulnerability Insight:
cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.

A heap-based buffer overflow flaw was found in the way libcurl unescaped
URLs. A remote attacker could provide a specially-crafted URL that, when
processed by an application using libcurl that handles untrusted URLs,
would possibly cause it to crash or, potentially, execute arbitrary code.
(CVE-2013-2174)

Red Hat would like to thank the cURL project for reporting this issue.
Upstream acknowledges Timo Sirainen as the original reporter.

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.

Affected Software/OS:
curl on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-2174
BugTraq ID: 60737
http://www.securityfocus.com/bid/60737
Debian Security Information: DSA-2713 (Google Search)
http://www.debian.org/security/2013/dsa-2713
RedHat Security Advisories: RHSA-2013:0983
http://rhn.redhat.com/errata/RHSA-2013-0983.html
SuSE Security Announcement: openSUSE-SU-2013:1133 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html
http://www.ubuntu.com/usn/USN-1894-1
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.