csaf_certbund - wid-sec-w-2023-1657

WID-SEC-W-2023-1657

Vulnerability from csaf_certbund - Published: 2013-06-24 22:00 - Updated: 2023-07-04 22:00

Summary

cURL: Schwachstelle ermöglicht Ausführen beliebigen Programmcodes mit den Rechten des Dienstes

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in cURL ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.

Betroffene Betriebssysteme

- UNIX - Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in cURL ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1657 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2013/wid-sec-w-2023-1657.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1657 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1657"
      },
      {
        "category": "external",
        "summary": "Security update for Dell NetWorker",
        "url": "https://www.dell.com/support/kbdoc/de-de/000215497/dsa-2023-233-security-update-for-dell-networker-curl-7-51-0"
      },
      {
        "category": "external",
        "summary": "cURL Security Advisory vom 2013-06-24",
        "url": "http://curl.haxx.se/docs/adv_20130622.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2013:0983-1 vom 2013-06-25",
        "url": "https://rhn.redhat.com/errata/RHSA-2013-0983.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-1894-1 vom 2013-07-02",
        "url": "http://www.ubuntu.com/usn/usn-1894-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2013:1165-1 vom 2013-07-09",
        "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131165-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2013:1166-1 vom 2013-07-11",
        "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131166-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2013:1166-2 vom 2013-07-11",
        "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131166-2.html"
      },
      {
        "category": "external",
        "summary": "Meldung auf dem Oracle Third Party Vulnerability Resolution Blog vom 2014-04-15",
        "url": "https://blogs.oracle.com/sunsecurity/"
      },
      {
        "category": "external",
        "summary": "Oracle Third Party Vulnerability Resolution Blog",
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_2174_buffer_errors"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin: JSA10874",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10874\u0026actp=RSS"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4652 vom 2019-05-21",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4652.html"
      }
    ],
    "source_lang": "en-US",
    "title": "cURL: Schwachstelle erm\u00f6glicht Ausf\u00fchren beliebigen Programmcodes mit den Rechten des Dienstes",
    "tracking": {
      "current_release_date": "2023-07-04T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:54:16.364+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1657",
      "initial_release_date": "2013-06-24T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2013-06-24T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2013-06-24T22:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2013-06-25T22:00:00.000+00:00",
          "number": "3",
          "summary": "New remediations available"
        },
        {
          "date": "2013-07-02T22:00:00.000+00:00",
          "number": "4",
          "summary": "New remediations available"
        },
        {
          "date": "2013-07-09T22:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2013-07-11T22:00:00.000+00:00",
          "number": "6",
          "summary": "New remediations available"
        },
        {
          "date": "2014-04-16T22:00:00.000+00:00",
          "number": "7",
          "summary": "New remediations available"
        },
        {
          "date": "2014-04-16T22:00:00.000+00:00",
          "number": "8",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2014-04-27T22:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-31T22:00:00.000+00:00",
          "number": "10",
          "summary": "New remediations available"
        },
        {
          "date": "2019-05-21T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-07-04T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "12"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell NetWorker \u003c 19.9.0.1",
            "product": {
              "name": "Dell NetWorker \u003c 19.9.0.1",
              "product_id": "T028404",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:19.9.0.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source cURL 7.7 \u003c 7.31.0",
            "product": {
              "name": "Open Source cURL 7.7 \u003c 7.31.0",
              "product_id": "T001389",
              "product_identification_helper": {
                "cpe": "cpe:/a:curl:curl:7.31.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-2174",
      "notes": [
        {
          "category": "description",
          "text": "In cURL bzw. in der libcURL Library besteht eine Schwachstelle, welche zur entfernten Ausf\u00fchrung beliebigen Codes ausgenutzt werden kann. Diese Schwachstelle wird durch einen Puffer\u00fcberlauffehler in der \"curl_easy_unescape()\" Funktion verursacht, wenn URL Strings in Raw Daten dekodiert werden. In der Folge kann ein entfernter anonymer Angreifer diese Schwachstelle ausnutzen, indem er speziell manipulierte Daten an ein betroffenes System bzw. an eine Anwendung, welche die fehlerhafte libcURL Library verwendet, sendet. Bei erfolgreicher Ausnutzung dieser Schwachstelle, kann beliebiger Code mit den Rechten des Dienstes zur Ausf\u00fchrung gebracht werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T001389",
          "T028404",
          "T004914"
        ]
      },
      "release_date": "2013-06-24T22:00:00.000+00:00",
      "title": "CVE-2013-2174"
    }
  ]
}

CVE-2013-2174 (GCVE-0-2013-2174)

Vulnerability from cvelistv5 – Published: 2013-07-31 10:00 – Updated: 2024-08-06 15:27

Summary

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2013-0…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0983.html	vendor-advisoryx_refsource_REDHAT
	https://github.com/bagder/curl/commit/192c4f788d4…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/60737	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/USN-1894-1	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2013/dsa-2713	vendor-advisoryx_refsource_DEBIAN
	http://curl.haxx.se/docs/adv_20130622.html	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:41.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "openSUSE-SU-2013:1133",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html"
          },
          {
            "name": "RHSA-2013:0983",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0983.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737"
          },
          {
            "name": "60737",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/60737"
          },
          {
            "name": "USN-1894-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1894-1"
          },
          {
            "name": "DSA-2713",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2713"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20130622.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a \"%\" (percent) character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "openSUSE-SU-2013:1133",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html"
        },
        {
          "name": "RHSA-2013:0983",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0983.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737"
        },
        {
          "name": "60737",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/60737"
        },
        {
          "name": "USN-1894-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1894-1"
        },
        {
          "name": "DSA-2713",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2713"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20130622.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2174",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a \"%\" (percent) character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "openSUSE-SU-2013:1133",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html"
            },
            {
              "name": "RHSA-2013:0983",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0983.html"
            },
            {
              "name": "https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737",
              "refsource": "CONFIRM",
              "url": "https://github.com/bagder/curl/commit/192c4f788d48f82c03e9cef40013f34370e90737"
            },
            {
              "name": "60737",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/60737"
            },
            {
              "name": "USN-1894-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1894-1"
            },
            {
              "name": "DSA-2713",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2713"
            },
            {
              "name": "http://curl.haxx.se/docs/adv_20130622.html",
              "refsource": "CONFIRM",
              "url": "http://curl.haxx.se/docs/adv_20130622.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2174",
    "datePublished": "2013-07-31T10:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:27:41.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-1657

CVE-2013-2174 (GCVE-0-2013-2174)

Tags

Sightings

Nomenclature