int(5197)

Vulnerability Bulletins

Denegación de servicio en Curl

Vulnerability classification
Property Value
Confidence level Oficial
Impact Denegación de Servicio
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio estandar

System information
Property Value
Affected manufacturer GNU/Linux
Affected software Curl libcurl 7.10.5 < 7.19.7

Description
Se ha descubierto una vulnerabilidad en Curl 7.19.7. La vulnerabilidad reside en un error en "content_encoding.c" cuando zlib está activado.

Un atacante remoto podría causar una denegación de servicio u obtener un impacto no especificado enviando datos comprimidos especialmente diseñados.

Solution


Actualización de software

Debian (DSA-2023-1)

Debian Linux 5.0
Source
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4.dsc
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2.orig.tar.gz
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4.diff.gz
alpha (DEC Alpha)
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_alpha.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_alpha.deb
amd64 (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_amd64.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_amd64.deb
arm (ARM)
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_arm.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_arm.deb
armel (ARM EABI)
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_armel.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_armel.deb
i386 (Intel ia32)
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_i386.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_i386.deb
powerpc (PowerPC)
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_powerpc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_powerpc.deb
sparc (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_sparc.deb
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_sparc.deb

Red Hat (RHSA-2010:0273-5)
RHEL Desktop Workstation (v. 5 cliente)
Red Hat Enterprise Linux (v. 5 servidor)
Red Hat Enterprise Linux Desktop (v. 5 cliente)
https://rhn.redhat.com/

Red Hat (RHSA-2010:0329-1)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

Standar resources
Property Value
CVE CVE-2010-0734
BID NULL

Other resources
Debian Security Advisory (DSA-2023-1)
http://lists.debian.org/debian-security-announce/2010/msg00063.html

Red Hat Security Advisory (RHSA-2010:0273-5)
https://rhn.redhat.com/errata/RHSA-2010-0273.html

Red Hat Security Advisory (RHSA-2010:0329-1)
https://rhn.redhat.com/errata/RHSA-2010-0329.html

Version history
Version Comments Date
1.0 Aviso emitido 2010-04-08
1.1 Aviso emitido por Red Hat (RHSA-2010:0273-5), aviso emitido por Red Hat (RHSA-2010:0329-1) 2010-04-12
Ministerio de Defensa
CNI
CCN
CCN-CERT